Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

PDML output


I am trying to understand the PDML output from Wireshark. For example, I have an output:

<field name="goose.confRev" showname="confRev: 1" size="1" pos="118" show="1" value="01"/>

And according to the documentation in the Wireshark repo, show is the value we can use for the filter.

My question is, when I have this output for a malformed packet

<field name="" showname="Severity level: Error" size="0" pos="0" show="8388608"/>

<field name="" showname="Group: Malformed" size="0" pos="0" show="117440512"/>

is there any special meaning behind the value of show (8388608, 117440512), just like 404 HTTP response.

Best regards