Wireshark · Wireshark-dev: [Wireshark-dev] how to extract field value from tethereal using edt

["Himanshu Nayak" <himanshu_nayak@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>]

how to extract field value from tethereal using edt

---

Q.my question:
The below shows the output of pdml generated by tethereal.
how can i find out the value=85(red line) from the below using edt. i am able to find out show="Service information octet" using edt as follows:
edt->tree->first_child->next->next->firsrt_child->finfo->rep->representation
and also size:
edt->tree->first_child->next->next->firsrt_child->finfo->length
similarly how can i find out value="85" using edt and finfo field.

 

<proto name="frame">
<field name="frame.marked" size="0"/>
<field name="frame.time"/>
<field name="frame.time_delta"/>
<field name="frame.time_relative"/>
<field name="frame.number"/>
<field name="frame.pkt_len"/>
<field name="frame.cap_len"/>
<field name="frame.protocols"/>
</proto>
<proto name="mtp2">
<field name="mtp2.bsn" value="51" unmaskedvalue="d1"/>
<field name="mtp2.bib" value="1" unmaskedvalue="d1"/>
<field name="mtp2.fsn" value="5A" unmaskedvalue="da"/>
<field name="mtp2.fib" value="1" unmaskedvalue="da"/>
<field name="mtp2.li" value="1B" unmaskedvalue="1b"/>
<field name="mtp2.spare" value="0" unmaskedvalue="1b"/>
</proto>
<proto name="mtp3">
<field show="Service information octet" size="1" value="85">
<field name="mtp3.spare" value="0" unmaskedvalue="85"/>
<field name="mtp3.service_indicator" value="5" unmaskedvalue="85"/>
</field>
<field show="Routing label" size="4" value="76429d10">
<field name="mtp3.pc" size="4" value="76429d10"/>
<field name="mtp3.pc" size="4" value="76429d10"/>
<field name="mtp3.dpc" value="276" unmaskedvalue="76429d10"/>
<field name="mtp3.opc" value="275" unmaskedvalue="76429d10"/>
<field name="mtp3.sls" value="1" unmaskedvalue="76429d10"/>
</field>
</proto>