This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Fake-field-Wrapper

0

Dears, I have a question. I want to understand the meaning of this message, "fake-field-wrapper": in what situation is it used, and where can I get, or can you share, more documentation related to this message?

asked 25 Oct '17, 06:54

Miguel198532
6112
accept rate: 0%

In what context do you see that message?

(25 Oct '17, 07:02) grahamb ♦

In the FCS [Frame check sequence], this is signaling of "Attach Request" sent from POS device to mobile network.

(25 Oct '17, 08:27) Miguel198532

One Answer:

0

For reference the context appears to be when using PDML output.

The comment next to the code that outputs the <proto name="fake-field-wrapper"> element is:

/* Will wrap up top-level field items inside a fake protocol wrapper to preserve the PDML schema */

and the code that checks if this is necessary is:

wrap_in_fake_protocol =
    (((fi->hfinfo->type != FT_PROTOCOL) ||
      (fi->hfinfo->id == proto_data)) &&
     (pdata->level == 0));

I'm guessing this means that if the top-level node isn't of type FT_PROTOCOL or just data then the fake-field-wrapper node is printed.

I'd need to see a capture to work out what's really happening.

answered 25 Oct '17, 08:55

grahamb ♦
19.8k330206
accept rate: 22%
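
An added example (not part of the original answer, and not Wireshark's code): a short Python script showing how a consumer of PDML output can separate real protocol layers from top-level fields that were wrapped in a fake-field-wrapper element. The PDML sample and the function names summarize_packet and summarize_pdml are constructed for illustration.

```python
import xml.etree.ElementTree as ET

FAKE = "fake-field-wrapper"  # element name quoted in the answer above

# Constructed PDML sample (not from a real capture); attribute values
# are made up for illustration.
SAMPLE_PDML = """<pdml>
  <packet>
    <proto name="geninfo" showname="General information" size="64" pos="0">
      <field name="num" show="1" size="64" pos="0"/>
    </proto>
    <proto name="frame" showname="Frame 1" size="64" pos="0">
      <field name="frame.len" show="64" size="0" pos="0"/>
    </proto>
    <proto name="fake-field-wrapper">
      <field name="data" value="0a0b0c0d">
        <field name="data.data" show="0a:0b:0c:0d" value="0a0b0c0d"/>
      </field>
    </proto>
  </packet>
</pdml>
"""

def summarize_packet(packet):
    """Split a <packet> into real protocol layers and the top-level
    fields that sit inside a fake-field-wrapper <proto> element."""
    layers, wrapped = [], []
    for proto in packet.findall("proto"):
        if proto.get("name") == FAKE:
            # Direct children are the top-level items the wrapper holds;
            # nested sub-fields are left under their parent field.
            wrapped.extend(f.get("name") for f in proto.findall("field"))
        else:
            layers.append(proto.get("name"))
    return {"layers": layers, "wrapped_fields": wrapped}

def summarize_pdml(text):
    """Return one summary dict per <packet> in a PDML document."""
    root = ET.fromstring(text)
    return [summarize_packet(p) for p in root.iter("packet")]

if __name__ == "__main__":
    for i, s in enumerate(summarize_pdml(SAMPLE_PDML), 1):
        print(i, "layers:", s["layers"], "wrapped:", s["wrapped_fields"])
```
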