Hi, I am looking for filter expression that will enable search per specific bit in data filed. Do you have any idea?
asked 12 Jun '13, 06:27
I assume you are looking for a display filter. You can check for a specific bit value by using the "&" operator. For instance, if I want to see all packets with the SYN flag set, I can use the filter "
Here are some more examples, as I do not know in which part of the data you want to look:
(please note that the filters above are completely random)
In which data field do you need to test a bit value?
answered 12 Jun '13, 06:49
You can use data.data[index] to filter on bytes in the data section e.g. data.data==05. If you want to go down to the bit layer you'd have to use multiple expressions like that to specify the ranges. Edit: Or use SYN-Bit's method ;)
e.g. first bit in data section == 1 --> data.data can have a range from 80 to FF (1000 0000 to 1111 1111) --> data.data >= 80
answered 12 Jun '13, 06:53
edited 12 Jun '13, 06:56
Assuming a display filter is required, you can use the logical and to mask out the bit you're interested in, e.g.
prot.field & 0x80
to mask out the top bit of a field.
answered 12 Jun '13, 07:06