diff options
| author | Olivier Biot <obiot.ethereal@gmail.com> | 2004-03-24 00:38:34 +0000 |
|---|---|---|
| committer | Olivier Biot <obiot.ethereal@gmail.com> | 2004-03-24 00:38:34 +0000 |
| commit | 8cb3cdec6002c722e96d02242ab5b23afb87afdf (patch) | |
| tree | 2c34bb69bb676588a4a9b794ddfc845e31b561f5 /doc | |
| parent | 121f06fab70d77c4babb512924b2b8d3c3921944 (diff) | |
| download | wireshark-8cb3cdec6002c722e96d02242ab5b23afb87afdf.tar.gz wireshark-8cb3cdec6002c722e96d02242ab5b23afb87afdf.tar.bz2 wireshark-8cb3cdec6002c722e96d02242ab5b23afb87afdf.zip | |
Add a description for the bitwise_and (&) operator.
svn path=/trunk/; revision=10471
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/ethereal-filter.pod.template | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/doc/ethereal-filter.pod.template b/doc/ethereal-filter.pod.template index 9ce2c00f68..fe455fd142 100644 --- a/doc/ethereal-filter.pod.template +++ b/doc/ethereal-filter.pod.template @@ -238,6 +238,29 @@ You can create complex concatenations of slices using the comma operator: field[1,3-5,9:] == 01:03:04:05:09:0a:0b +=head2 Bit field operations + +It is also possible to define tests with bit field operations. Currently the +following bit field operation is supported: + + bitwise_and, & Bitwise AND + +The bitwise AND operation allows testing if one or more bits are set. +Bitwise AND operates on integer protocol fields and slices. + +When testing for TCP SYN packets, once can write: + + tcp.flags & 0x02 + +Similarly, filtering for all WSP GET and extended GET methods is achieved with: + + wsp.pdu_type & 0x40 + +When using slices, the bit mask must be specified as byte string, and it must +have the same number of bytes as the slice itself, as in: + + ip[42:2] & 40:ff + =head2 Logical expressions All the above tests can be combined together with logical expressions. |