This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

writing my own dissector - function to show the data in binary

0

Hello,

I am writing my own Wireshark dissector and I have one short question:

Is there any function in Wireshark that turns an array of bytes into a string showing the bytes in binary? I know that there are functions showing the data in hex format, but I cannot find anything analogous for binary.

asked 17 Sep '14, 01:17

Magda Nowak-...

edited 17 Sep '14, 01:34

grahamb ♦

I.e., you'd want to take a sequence of byte values such as 0xFE 0xED 0xFA 0xCE 0xDE 0xAD 0xBE 0xEF and turn it into a text string such as "FEEDFACEDEADBEEF" or "FE:ED:FA:CE:DE:AD:BE:EF"?

(17 Sep '14, 12:52) Guy Harris ♦♦

One Answer:

1

I think you mean to take an array of bytes like 0xFE 0xED and turn it into a text string like "1111111011101101". I'm virtually certain there's no function in Wireshark to do that today--not many people want to see that many bytes in binary.

Note that if you have a particular field (e.g., an FT_UINT32) and you provide a bitmask (in the hf definition) then Wireshark will show the bit values in the field decode; you can see this in the decode of the TCP Flags:

.... 0000 0000 0010 = Flags: 0x002 (SYN)
    000. .... .... = Reserved: Not set
    ...0 .... .... = Nonce: Not set
    .... 0... .... = Congestion Window Reduced (CWR): Not set

answered 22 Oct '14, 08:53

JeffMorriss ♦
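
A small C helper for the conversion asked about above, as an added example that is not part of the original thread and not a Wireshark function: `bytes_to_bin_str` is a hypothetical name, and the sample bytes are the ones used in the answer. It writes only into a caller-supplied buffer and stops at a whole-byte boundary instead of overrunning it, since a dissector formats untrusted packet data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical helper (not a Wireshark API).
 * Renders data[0..len) as '0'/'1' characters, most significant bit first,
 * placing sep between bytes when sep != '\0'.
 * Never writes past out_size and always NUL-terminates when out_size > 0.
 * Returns the number of input bytes rendered; a value below len means
 * the output was truncated.
 */
size_t bytes_to_bin_str(const uint8_t *data, size_t len,
                        char *out, size_t out_size, char sep)
{
    size_t pos = 0, done = 0;

    if (out == NULL || out_size == 0)
        return 0;
    if (data == NULL)
        len = 0;

    for (size_t i = 0; i < len; i++) {
        size_t need = 8 + ((sep != '\0' && i > 0) ? 1 : 0);
        /* One byte stays reserved for the NUL; stop if this byte won't fit. */
        if (need > out_size - 1 - pos)
            break;
        if (sep != '\0' && i > 0)
            out[pos++] = sep;
        for (int bit = 7; bit >= 0; bit--)
            out[pos++] = ((data[i] >> bit) & 1) ? '1' : '0';
        done++;
    }
    out[pos] = '\0';
    return done;
}

int main(void)
{
    /* Constructed sample: the two bytes from the answer above. */
    const uint8_t sample[] = { 0xFE, 0xED };
    char buf[2 * 8 + 1 + 1];  /* 16 bits + 1 separator + NUL */

    bytes_to_bin_str(sample, sizeof sample, buf, sizeof buf, '\0');
    printf("%s (%zu chars)\n", buf, strlen(buf));
    bytes_to_bin_str(sample, sizeof sample, buf, sizeof buf, ' ');
    printf("%s (%zu chars)\n", buf, strlen(buf));
    return 0;
}
```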