Ethereal-dev: [Ethereal-dev] PDML value for sub fields less than 1 byte

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date: Tue, 24 May 2005 15:01:07 +0100

I would kindly disagree with the opinion. The value field is supposed to be the actual packet data, in hex, that the field covers. But for fields less than 1 byte, the field covers the entire byte, which is not the actual value of that field.

The problem with this is that applications which process the XML file get the wrong value.

As you stated, the show field can be used, but this does not hold the actual data the field covers but the representation of the packet data in the display filter.

Vasanth Manickam


On 05/18/05, Gilbert Ramirez <gilbertr@xxxxxxxxx>  wrote:

>The "value" attribute gives the bytes from the packet that were used
>to create the value. The "show" attribute is what you want; it is the
>displayable value of the field. Yes, the attribute names aren't the
>best. But at least it's documented. See doc/README.xml-output:
>
>The "<field>" tag
>=================
>"<field>" tags can have the following attributes:
>
>    name - the display filter name for the field
>    showname - the label used to describe this field in the protocol
>        tree. This is usually the descriptive name of the protocol,
>        followed by some representation of the value.
>    pos - the starting offset within the packet data where this
>            field starts
>    size - the number of octets in the packet data that this field
>            covers.
>    value - the actual packet data, in hex, that this field covers
>    show - the representation of the packet data ('value') as it would
>       appear in a display filter.
>
>--gilbert



On 5/11/05, vasanth.manickam@xxxxxx <vasanth.manickam@xxxxxx> wrote:

> I am using the PDML generated using Ethereal as input for various
> applications. The problem I am facing is with sub fields which are less
> than 1 byte (Boolean values). The value field in the XML file displays the
> value for the whole byte and not the Boolean value 1 or 0. Is there a way to
> fix it?
>
> Example:-
>
> <field name="tcp.flags" showname="Flags: 0x0018 (PSH, ACK)" size="1" pos="47" show="0x18" value="18">
>         <field name="tcp.flags.cwr" showname="0... .... = Congestion Window Reduced (CWR): Not set" size="1" pos="47" show="0" value="18" />
>         <field name="tcp.flags.ecn" showname=".0.. .... = ECN-Echo: Not set" size="1" pos="47" show="0" value="18" />
>         <field name="tcp.flags.urg" showname="..0. .... = Urgent: Not set" size="1" pos="47" show="0" value="18" />
>         <field name="tcp.flags.ack" showname="...1 .... = Acknowledgment: Set" size="1" pos="47" show="1" value="18" />
>         <field name="tcp.flags.push" showname=".... 1... = Push: Set" size="1" pos="47" show="1" value="18" />
>         <field name="tcp.flags.reset" showname=".... .0.. = Reset: Not set" size="1" pos="47" show="0" value="18" />
>         <field name="tcp.flags.syn" showname=".... ..0. = Syn: Not set" size="1" pos="47" show="0" value="18" />
>         <field name="tcp.flags.fin" showname=".... ...0 = Fin: Not set" size="1" pos="47" show="0" value="18" />
> </field>
>
> All the value fields have 18 as their value, but for the sub fields it
> should be just 0 or 1, isn't it?
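
Added example, not part of the original thread and not Ethereal's own code: one way a PDML consumer can recover sub-byte values from the attributes discussed above, by masking "value" with the dot/bit pattern that prefixes "showname" and cross-checking the two. The helper names (bitfield_value, extract_fields) and the sample fragment are constructed here, and the code assumes the bit pattern is exactly size × 8 characters wide.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: a subset of the tcp.flags fields quoted in the thread.
SAMPLE_PDML = """
<field name="tcp.flags" showname="Flags: 0x0018 (PSH, ACK)" size="1" pos="47" show="0x18" value="18">
  <field name="tcp.flags.cwr" showname="0... .... = Congestion Window Reduced (CWR): Not set" size="1" pos="47" show="0" value="18"/>
  <field name="tcp.flags.ack" showname="...1 .... = Acknowledgment: Set" size="1" pos="47" show="1" value="18"/>
  <field name="tcp.flags.push" showname=".... 1... = Push: Set" size="1" pos="47" show="1" value="18"/>
  <field name="tcp.flags.fin" showname=".... ...0 = Fin: Not set" size="1" pos="47" show="0" value="18"/>
</field>
"""

# Bit-pattern prefix of showname, e.g. "...1 .... = "; dots mark bits outside the field.
BIT_PATTERN = re.compile(r"^([.01 ]+?) = ")


def bitfield_value(field):
    """Integer value of one <field>: 'value' masked by the showname bit pattern, if any."""
    raw = int(field.get("value"), 16)
    match = BIT_PATTERN.match(field.get("showname", ""))
    if match is None:
        return raw  # no pattern: 'value' already is the field's own data
    bits = match.group(1).replace(" ", "")
    # Assumption: the pattern spans exactly the octets counted by 'size'.
    if len(bits) != int(field.get("size")) * 8 or bits.count(".") == len(bits):
        raise ValueError(f"unusable bit pattern in {field.get('name')}")
    mask = int("".join("0" if c == "." else "1" for c in bits), 2)
    shift = (mask & -mask).bit_length() - 1  # index of the lowest bit in the mask
    extracted = (raw & mask) >> shift
    # Cross-check: the digits printed in showname must agree with the raw bytes.
    if extracted != int(bits.replace(".", "0"), 2) >> shift:
        raise ValueError(f"showname and value disagree for {field.get('name')}")
    return extracted


def extract_fields(pdml_text):
    """Map each field name in a PDML fragment to its decoded integer value."""
    root = ET.fromstring(pdml_text)
    return {f.get("name"): bitfield_value(f) for f in root.iter("field")}


if __name__ == "__main__":
    for name, value in extract_fields(SAMPLE_PDML).items():
        print(f"{name} = {value:#x}")
```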