Wireshark · Wireshark-users: [Wireshark-users] Display Filter frame

Wireshark-users: [Wireshark-users] Display Filter frame - how do that work?

From: Jürgen Dietl <juergen.dietl@xxxxxxxxxxxxxx>

Date: Wed, 15 Dec 2010 15:04:50 +0100

Hello,

today I made a trace and I wanted to see all the DHCPNAK.

For this I found a filter:

frame[282:3] == 35:01:06

It works perfect. But my question is how is this filter defined.

For example frame[282:3] == 35:01:02 would be DHCPOFFER.

So {282:3] must be then DHCP. But how is that defined? Is that an offset? some bit? just a fix list?

and what is 35:01:06.

Any help would be greatly appreciated.

thanx a lot and have a nice day,

cheers,
Juergen

Follow-Ups:
- Re: [Wireshark-users] Display Filter frame - how do that work?
  - From: Marco Simone Zuppone
- Re: [Wireshark-users] Display Filter frame - how do that work?
  - From: Jaap Keuter

Prev by Date: Re: [Wireshark-users] Wireshark Crash--Error:lua5.1.dll Offset:0000c572
Next by Date: [Wireshark-users] who sends RST packets? UNIX box or application? Troubleshooting hints?
Previous by thread: Re: [Wireshark-users] Wireshark Crash--Error:lua5.1.dll Offset:0000c572
Next by thread: Re: [Wireshark-users] Display Filter frame - how do that work?
Index(es):
- Date
- Thread