Wireshark · Ethereal-dev: Re: [Ethereal-dev] decimals not accepted in substrings

Ethereal-dev: Re: [Ethereal-dev] decimals not accepted in substrings - can youconfirm a bug?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Ulf Lamping <ulf.lamping@xxxxxx>

Date: Mon, 24 Oct 2005 09:41:30 +0200

Visser, Martin wrote:

Uwe,

Gilbert has included the correct syntax below for looking for subnetsm -
this is defintely the way to go.

If you did however insist on using the substring syntax, you would need
to use the following:

"ip[12:3] == C0:A8:01 || ip[16:3] == C0:A8:01"

(which is equivalent to "ip.addr == 192.168.1.0/24" )

The fieldds ip.src,ip.dst and ip.addr are "special" and can't be indexed
directly. Hence I had to index to the source and dest address field
offset (12 and 16 respectively) in the IP packet as shown above.

Unfortunately (and the manual isn't all that clear on this) though
integers are able to be represented by "decimal, octal, or hexadecimal",
this doesn't apply to the byte values in the substring. These have to be
hex (also shown above)

(Of course, the converse is true, and you can use hex in the index,so "ip[0x0C:0x03] == C0:A8:01 || ip[0x10:0x03] == C0:A8:01" ,is also a

valid expression of the above expression)

Why not add some of the examples to the wiki:http://wiki.ethereal.com/Internet_Protocol ?


So next time this question comes up, simply point to the wiki.

Regards, ULFL

References:
- RE: [Ethereal-dev] decimals not accepted in substrings - can youconfirm a bug?
  - From: Visser, Martin

Prev by Date: RE: [Ethereal-dev] decimals not accepted in substrings - can youconfirm a bug?
Next by Date: Re: [Ethereal-dev] decimals not accepted in substrings - can youconfirm a bug?
Previous by thread: RE: [Ethereal-dev] decimals not accepted in substrings - can youconfirm a bug?
Next by thread: Re: [Ethereal-dev] decimals not accepted in substrings - can youconfirm a bug?
Index(es):
- Date
- Thread