diff options
| author | Anders Broman <anders.broman@ericsson.com> | 2012-02-29 05:58:45 +0000 |
|---|---|---|
| committer | Anders Broman <anders.broman@ericsson.com> | 2012-02-29 05:58:45 +0000 |
| commit | 7f96d94b7c97ba890ba90dd4c55b5d231fd08262 (patch) | |
| tree | 0ff1426afad5cc2f09ab13b46528de9b865d611c /doc | |
| parent | 9bdde5216f3ec31d4a02329423708288c57329c3 (diff) | |
| download | wireshark-7f96d94b7c97ba890ba90dd4c55b5d231fd08262.tar.gz wireshark-7f96d94b7c97ba890ba90dd4c55b5d231fd08262.tar.bz2 wireshark-7f96d94b7c97ba890ba90dd4c55b5d231fd08262.zip | |
From Gilbert Ramirez: When filtering on a single-byte byte-array-slice, using a normal hex string would be nice
svn path=/trunk/; revision=41232
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/wireshark-filter.pod | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/doc/wireshark-filter.pod b/doc/wireshark-filter.pod index c91eb35143..2a878680e6 100644 --- a/doc/wireshark-filter.pod +++ b/doc/wireshark-filter.pod @@ -253,7 +253,18 @@ or frame[-4:] == 0.1.2.3 -You can concatenate slices using the comma operator: +A slice is alwasy compared against either a string or a byte sequence. +As a special case, when the slice is only 1 byte wide, you can compare +it against a hex integer that 0xff or less (which means it fits inside +one byte). This is not allowed for byte sequences greater than one byte, +because then one would need to specify the endianness of the multi-byte +integer. Also, this is not allowed for decimal numbers, since they +would be confused with hex numbers that are already allowed as +byte strings. Neverthelss, single-byte hex integers can be convienent: + + frame[4] == 0xff + +Slices can be combined. You can concatenate them using the comma operator: ftp[1,3-5,9:] == 01:03:04:05:09:0a:0b |