This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

how to dissect bit by bit and display

0

Hi,

Iam trying for custom dissector bit wise operation octet by octet.

I have used

   proto_tree_add_bits_item(my_sub_tree, hf_my_type, my_tvb, offset,6, TRUE);

This is 6 bit lenth.

           ..00 0010 = Message Type : FWD_CNTRL (0x02)

I can able to get the bits properly. No issues on that. i want remove

                          "..00 0010= " this PART and diplay only
                          Message Type : FWD_CNTRL (0x02)

I have tried another method using MASK

             proto_tree_add_item(my_sub_tree, hf_my_type, my_tvb, offset,6, ENC_LITTLE_ENDIAN);

         { &hf_msg_typ,
         { "Message Type ", "msg_type",FT_UINT8, BASE_HEX, VALS(msg_type_vals), 0x3f, NULL, HFILL }
         },</code></pre><p>This one also output as</p><pre><code>                           ..00 0010 = Message Type : FWD_CNTRL (0x02)</code></pre><p>How can i remove<br />



                           "..00 0010= " this PART and diplay only
                            Message Type : FWD_CNTRL (0x02)
Please Help

asked 31 May '14, 00:40

umar's gravatar image

umar
26222427
accept rate: 0%

edited 06 Jun '14, 02:59

IMHO removing ..00 0010 = Message Type : FWD_CNTRL (0x02) is a bad choice the former let you see exactly which bits are beeing dissected and the meaning of the bits. If the bits allways occure in the same Place using proto_add_item with a bit mask may be a better choice than proto_tree_add_bits_item(). Just my 2 cents.

(06 Jun '14, 04:38) Anders ♦

One Answer:

0

Have you looked at the proto_tree_add_xxx_format() or proto_tree_add_xxx_format_value() functions? They give you full control of the tree representation.

answered 06 Jun '14, 03:54

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%

Hi I have tried

                  proto_tree_add_xxx_format() or proto_tree_add_xxx_format_value()  both.

              Rteurning error. How exactly i should use to remove 
                                    &quot;..00 0010= &quot; this PART and diplay only
                                    Message Type : FWD_CNTRL (0x02)</code></pre><p>Thanks in advance!</p></div><div id="comment-34376-info" class="comment-info"><span class="comment-age">(03 Jul '14, 02:13)</span> <span class="comment-user userinfo">umar</span></div></div><span id="34403"></span><div id="comment-34403" class="comment"><div id="post-34403-score" class="comment-score">1</div><div class="comment-text"><p>Just use <code>proto_tree_add_text()</code> then as that gives you full control of the tree representation, but note that the field won't be filterable.</p></div><div id="comment-34403-info" class="comment-info"><span class="comment-age">(04 Jul '14, 03:55)</span> <span class="comment-user userinfo">grahamb ♦</span></div></div></div><div id="comment-tools-33498" class="comment-tools"></div><div class="clear"></div><div id="comment-33498-form-container" class="comment-form-container"></div><div class="clear"></div></div></td></tr></tbody></table>