Ask Your Question

Check individual bits

asked 2021-03-25 11:33:59 +0000

Mr Krisey gravatar image


I am trying to filter on specific bits in the data section, but I am unable to get the results I want. I have already looked at these links which heavily relates with what I want to accomplish.

My filter atm: From there on I wanted filter the left most byte for its right most bit in the section. (want to see that the right most bit in the first byte is set. I dont care about the others--> 0000 0001 0000 0000)[0]&1 I then want to filter the three right most bits in the byte.[0]&1 and[0]&2 and[0]&3 I then do this ![0]&1 and ![0]&2 and ![0]&3 and rtp

The data it filtrates gives me a hex value in one of the packet of 0x000005f8702220 In binary the three right most bit in byte 0 is 111. I wanted them to be 000. What am I doing wrong?

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted

answered 2021-03-25 11:47:25 +0000

grahamb gravatar image

updated 2021-03-25 12:06:22 +0000

You want bit 1 set and bits 2 & 3 clear, so mask (bitwise and) with 0x01 to test the first bit and then mask with 0x06 to test the 2nd and 3rd bits, but negating the result:

([0] & 0x01) and !([0] & 0x06)
edit flag offensive delete link more


It wont go through as a filter. But the filter you gave, does it check if the whole byte equals to 1, or does it just check if the last three bits equals 1? I only care about those three bits, the other bits in the data section can be whatever :)

Mr Krisey gravatar imageMr Krisey ( 2021-03-25 11:55:08 +0000 )edit

Never mind, I guess the and operation tells which bit I want to see equals to "1". But still, the filter wont go through. If i remove " == 1" the filter goes through thou.

Mr Krisey gravatar imageMr Krisey ( 2021-03-25 11:58:06 +0000 )edit

Oops. my mistake, you can't compare the result of a bitwise and, so split it into two ops, check the first bit is set and then check the second 2 bits are unset. I've edited the answer.

grahamb gravatar imagegrahamb ( 2021-03-25 12:05:08 +0000 )edit

you can't compare the result of a bitwise and

It would be a nice Wireshark enhancement to support this though. See also:

cmaynard gravatar imagecmaynard ( 2021-03-25 13:18:36 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2021-03-25 11:33:59 +0000

Seen: 1,807 times

Last updated: Mar 25 '21