Wireshark mailing list archives
Re: Dissecting a field that has non-octet bit boundaries
From: yannick omnes <yomnes () aviwest com>
Date: Fri, 23 Jan 2015 08:46:13 +0100
Hi Richard,I had the same problem recently, that I solved using a bitmask in one of the register_info fields. It looked like that :
{
&hf_protocol_id,
{
"ID", "protocol.id",
FT_UINT8, BASE_DEC_HEX,
NULL, 0x1,
NULL, HFILL
},
}
This should display only the first bit of a byte.
Hope that helps,
Regards
Yannick
Le 23/01/2015 05:46, Richard Sharpe a écrit :
Hi Folks, I am trying to dissect MS-RSVD further since I have a capture of some of that funky SCSI tunneled over SMB2/3. Anyway, they have a 4-byte header that consists of: 1 byte: Protocol ID 12 bits: Protocol Version 12 bits: Operation Code How do I deal with this. It does not seem like proto_tree_add_bitmask is the correct thing.
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Dissecting a field that has non-octet bit boundaries Richard Sharpe (Jan 22)
- Re: Dissecting a field that has non-octet bit boundaries yannick omnes (Jan 22)
- Re: Dissecting a field that has non-octet bit boundaries Anders Broman (Jan 23)
- Re: Dissecting a field that has non-octet bit boundaries Richard Sharpe (Jan 23)
- Re: Dissecting a field that has non-octet bit boundaries Anders Broman (Jan 23)
- Re: Dissecting a field that has non-octet bit boundaries yannick omnes (Jan 22)