Ask Your Question
0

Check individual bits

asked 2021-03-25 11:33:59 +0000

Mr Krisey gravatar image

Hi!

I am trying to filter on specific bits in the data section, but I am unable to get the results I want. I have already looked at these links which heavily relates with what I want to accomplish.

https://osqa-ask.wireshark.org/questi....

https://osqa-ask.wireshark.org/questi...

My filter atm: rtp.ext.rfc5285.data From there on I wanted filter the left most byte for its right most bit in the section. (want to see that the right most bit in the first byte is set. I dont care about the others--> 0000 0001 0000 0000) rtp.ext.rfc5285.data[0]&1 I then want to filter the three right most bits in the byte. rtp.ext.rfc5285.data[0]&1 and rtp.ext.rfc5285.data[0]&2 and rtp.ext.rfc5285.data[0]&3 I then do this !rtp.ext.rfc5285.data[0]&1 and !rtp.ext.rfc5285.data[0]&2 and !rtp.ext.rfc5285.data[0]&3 and rtp

The data it filtrates gives me a hex value in one of the packet of 0x000005f8702220 In binary the three right most bit in byte 0 is 111. I wanted them to be 000. What am I doing wrong?

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2021-03-25 11:47:25 +0000

grahamb gravatar image

updated 2021-03-25 12:06:22 +0000

You want bit 1 set and bits 2 & 3 clear, so mask (bitwise and) with 0x01 to test the first bit and then mask with 0x06 to test the 2nd and 3rd bits, but negating the result:

(rtp.ext.rfc5285.data[0] & 0x01) and !(rtp.ext.rfc5285.data[0] & 0x06)
edit flag offensive delete link more

Comments

It wont go through as a filter. But the filter you gave, does it check if the whole byte equals to 1, or does it just check if the last three bits equals 1? I only care about those three bits, the other bits in the data section can be whatever :)

Mr Krisey gravatar imageMr Krisey ( 2021-03-25 11:55:08 +0000 )edit

Never mind, I guess the and operation tells which bit I want to see equals to "1". But still, the filter wont go through. If i remove " == 1" the filter goes through thou.

Mr Krisey gravatar imageMr Krisey ( 2021-03-25 11:58:06 +0000 )edit

Oops. my mistake, you can't compare the result of a bitwise and, so split it into two ops, check the first bit is set and then check the second 2 bits are unset. I've edited the answer.

grahamb gravatar imagegrahamb ( 2021-03-25 12:05:08 +0000 )edit

you can't compare the result of a bitwise and

It would be a nice Wireshark enhancement to support this though. See also: https://ask.wireshark.org/question/21...

cmaynard gravatar imagecmaynard ( 2021-03-25 13:18:36 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2021-03-25 11:33:59 +0000

Seen: 1,636 times

Last updated: Mar 25 '21

Related questions

Now that the g.729 codec patent has expired, will Wireshark include a decoder for it?

Having issues with RTP not showing up in Voip Calls flow sequence in version 2.4.2.

RTP player playback issue

Registering RTP dissector for PCMU Payload Type 0

convert RTP to TS

player button

Decode TURN Traffic as RTP

Decoding RTP packet - Unknown RTP version 0

Why does RTP Streams have 0 streams under the Telephony main menu. I started a capture, made an actual call, ended the call, ended the capture.

Wireshark freezes when I hit Play Streams

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2