Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

answered 2018-12-09 01:33:32 +0000

Atli gravatar image

It's not clear to me which field you are asking about so I'll give the answer for the two fields I think you may be asking about.

1) The Asterix Cat 048 - Special Purpose Data Item (or SP for short) with FRN 27 is used by implementations in a proprietary way, therefore the only way to match against it in Wireshark is by using byte sequences, e.g.:

  • asterix.048_SP[4:3]==78:9a:bc (matches the 3-byte sequence at offset 4 (zero based) against the byte sequence 0x78, 0x9a, 0xbc).
  • asterix.048_SP contains 78:9a:bc (matches if the byte sequence 0x78, 0x9a, 0xbc is found in the field).

2) The Asterix Cat 048 - Special Position Indicator (or SPI for short) within FRN 3 is a 1-bit field/flag within Data Item 020, it can therefore be accessed by using the field name, i.e.:

  • asterix.048_020_SPI==1 (matches if the SPI flag is set)

See Display Filters for details.

It's not clear to me which field you are asking about so I'll give the answer for the two fields I think you may be asking about.

1) The Asterix Cat 048 - Special Purpose Data Item (or SP for short) with FRN 27 is used by implementations in a proprietary way, therefore the only way to match against it in Wireshark is by using byte sequences, e.g.:

  • asterix.048_SP[4:3]==78:9a:bc (matches the 3-byte sequence at offset 4 (zero based) against the byte sequence 0x78, 0x9a, 0xbc).
  • asterix.048_SP contains 78:9a:bc (matches if the byte sequence 0x78, 0x9a, 0xbc is found in the field).

2) The Asterix Cat 048 - Special Position Indicator (or SPI for short) within FRN 3 is a 1-bit field/flag within Data Item 020, it can therefore be accessed by using the field name, i.e.:

  • asterix.048_020_SPI==1 (matches if the SPI flag is set)

See Display Filters for details.

It's not clear to me which field you are asking about so I'll give the answer for the two fields I think you may be asking about.

1) The Asterix Cat 048 - Special Purpose Data Item (or SP for short) with FRN 27 is used by implementations in a proprietary way, therefore way.

However, the current implementation of the ASTERIX dissector (Wireshark v2.6.5) doesn't actually populate this field with any data, even if there is any.

Therefore the only way to match against it in Wireshark is today is to either check if the 048_SP field exists or by using byte sequences, checking the entire message, e.g.:

  • asterix.048_SP[4:3]==78:9a:bc (matches asterix.048_SP (matches if the asterix.048_SP field exists)
  • asterix[23:3]==78:9a:bc (matches if the 3-byte sequence at offset 4 23 (zero based) against is equal to the byte sequence 0x78, 0x9a, 0xbc).
  • asterix.048_SP 0xbc).
  • asterix contains 78:9a:bc (matches if the byte sequence 0x78, 0x9a, 0xbc 0xbc is found in the field).

2) The Asterix Cat 048 - Special Position Indicator (or SPI for short) within FRN 3 is a 1-bit field/flag within Data Item 020, it can therefore be accessed by using the field name, i.e.:

  • asterix.048_020_SPI==1 (matches if the SPI flag is set)

See Display Filters for details.

Edit: Corrected an error on my part where I thought it was possible to probe inside the asterix.048_SP field.
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2