This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

how to dissect a packet with offset 20 in the dissect function

0

I am new to this dissector coding.please help me in solving this.Here is my sample code.I wanted to dissect a 4 byte. By taking first 20 bits for i bit and next 12 bits for j bit.But I didnt get the correct value when printed in decimal.

I tried using tvb_get_htonl function instead of tvb_get_guint8 function in the below code.But I didnt get correct result.

Please let me know how to dissect this 4 byte data.

dissect() {

proto_tree_add_uint(tree, hf_i_bit,tvb,offset,4,(tvb_get_guint8( tvb,offset & 0xFFFFF000) >> 12));

proto_tree_add_uint(tree,hf_ j_bit,tvb,offset,2,tvb_get_guint8(tvb,offset &0x00000FFF)); }

proto_register{

{ &hf_ i_bit,

{ "i bit", "x.i", FT_UINT32, BASE_DEC,NULL, 0, NULL, HFILL } },

{ &hf_ j_bit,

{ "j bit", "x.j", FT_UINT16, BASE_DEC,NULL, 0, NULL, HFILL } }, }

asked 08 Apr '15, 22:17

lakshmi's gravatar image

lakshmi
16669
accept rate: 0%

edited 09 Apr '15, 01:50

One Answer:

0

Your code cannot as tvb_get_guint8 only retrieves a single byte (as indicated in the documentation). You should try something like:

dissect() {

proto_tree_add_item(tree, hf_i_bit,tvb,offset,4,ENC_BIG_ENDIAN);


proto_tree_add_uint(tree,hf_ j_bit,tvb,offset,2, ENC_BIG_ENDIAN); }


proto_register{


{ &hf_ i_bit,


{ "i bit", "x.i", FT_UINT32, BASE_DEC,NULL, 0xFFFFF000, NULL, HFILL } },


{ &hf_ j_bit,


{ "j bit", "x.j", FT_UINT16, BASE_DEC,NULL, 0x0FFF, NULL, HFILL } }, }

answered 09 Apr ‘15, 02:24

Pascal%20Quantin's gravatar image

Pascal Quantin
5.5k1060
accept rate: 30%

thanks,it worked..

(15 Apr ‘15, 04:28) lakshmi

If an answer has solved your issue, please accept the answer for the benefit of other users by clicking the checkmark icon next to the answer. Please read the FAQ for more information.

(15 Apr ‘15, 04:45) grahamb ♦