Wireshark-dev: Re: [Wireshark-dev] Dissect a packet base header bits



From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Wed, 7 Mar 2007 07:56:03 +0100 (CET)

Hi,

Okay, so how about reading the header and deciding where to go from there?
Something crude like:

offset = 0;
/* One-byte header; the top three bits select the payload layout */
proto_tree_add_item(tree, hf_foo_header, tvb, offset, 1, FALSE);
header = tvb_get_guint8(tvb, offset);
offset++;

/* Types 000 and 111 carry the 20-byte message */
if (((header & 0xE0) == 0) || ((header & 0xE0) == 0xE0)) {
  proto_tree_add_item(tree, hf_foo_message, tvb, offset, 20, FALSE);
  offset += 20;
}
/* Types 001 and 111 carry binary data up to the end of the packet */
if (((header & 0xE0) == 0x20) || ((header & 0xE0) == 0xE0)) {
  proto_tree_add_item(tree, hf_foo_data, tvb, offset,
    tvb_length_remaining(tvb, offset), FALSE);
}

Thanx,
Jaap

On Tue, 6 Mar 2007, Steven Le wrote:

> Thanks Jaap, here is more information:
>
> Header is 1 byte and its format:
> 7 6 5     4 3 2 1 0  bit
> type        XXXXX
> Messages is 20 bytes
> Binary data is unknown
> After getting the first 3 bits from header:
>
> Format of this payload will depend on the first 3 bits of header (bit Type
> field)
> -------------------------------------------------
>  Header|Message              if first 3 bits (type) is 000
>  Header|Binary Data                                         001
>  Header|Message|Binary Data                           111
> -------------------------------------------------
>
> On 3/6/07, Jaap Keuter <jaap.keuter@xxxxxxxxx> wrote:
> >
> > Hi,
> >
> > You'll have to provide a little more detail than this. What size are
> > header, message and data? Are they packed in a byte? format stuff like
> > that.
> >
> > Thanx,
> > Jaap
> >
> >
> > On Tue, 6 Mar 2007, Steven Le wrote:
> >
> > > I have to dissect this payload.
> > >
> > > Header  | message | data
> > >
> > > After getting the first 3 bits from header:
> > > 000 -> Header
> > > 010 -> Header|Message
> > > 001 -> Header|Binary Data
> > > 011 -> Header|Message|Binary Data
> > >
> > > How can I hand off from Header to certain block?
> > >
> >
> > _______________________________________________
> > Wireshark-dev mailing list
> > Wireshark-dev@xxxxxxxxxxxxx
> > http://www.wireshark.org/mailman/listinfo/wireshark-dev
> >
>
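
The dispatch discussed in this thread, as an added standalone C example (not code from the thread or from Wireshark, and not using the Wireshark API). It follows the layout table in Steven's second message and also rejects type values the thread does not list and packets too short to hold the 20-byte message; all names (foo_parse, foo_layout, FOO_*) are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

#define FOO_TYPE_MASK 0xE0u   /* top three bits of the header byte */
#define FOO_MSG_LEN   20u     /* fixed message size given in the thread */

enum foo_status { FOO_OK = 0, FOO_EMPTY, FOO_UNKNOWN_TYPE, FOO_TRUNCATED };

struct foo_layout {
    uint8_t type;               /* 3-bit type value, 0..7 */
    size_t  msg_off, msg_len;   /* msg_len == 0 when no message is present */
    size_t  data_off, data_len; /* data_len == 0 when no binary data follows */
};

/* 000 = Header|Message, 001 = Header|Binary Data, 111 = Header|Message|Binary Data */
enum foo_status foo_parse(const uint8_t *buf, size_t len, struct foo_layout *out)
{
    int has_msg = 0, has_data = 0;
    size_t offset = 1;          /* payload starts after the one-byte header */
    *out = (struct foo_layout){0};
    if (len < 1) return FOO_EMPTY;
    /* Parenthesise the mask: `==` binds tighter than `&` in C. */
    out->type = (uint8_t)((buf[0] & FOO_TYPE_MASK) >> 5);
    switch (out->type) {
    case 0: has_msg = 1; break;
    case 1: has_data = 1; break;
    case 7: has_msg = 1; has_data = 1; break;
    default: return FOO_UNKNOWN_TYPE;  /* type not listed in the thread */
    }
    if (has_msg) {
        if (len - offset < FOO_MSG_LEN)
            return FOO_TRUNCATED;      /* never read past the captured bytes */
        out->msg_off = offset;
        out->msg_len = FOO_MSG_LEN;
        offset += FOO_MSG_LEN;
    }
    if (has_data) {
        out->data_off = offset;
        out->data_len = len - offset;  /* whatever remains after the message */
    }
    return FOO_OK;
}

int main(void)
{
    const uint8_t pkt[23] = { 0xE0 };  /* constructed sample: type 111, 2 data bytes */
    struct foo_layout l;
    return foo_parse(pkt, sizeof pkt, &l) == FOO_OK ? 0 : 1;
}
```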

