Wireshark-users: [Wireshark-users] Bitshifting With BPF in wireshark
Date: Thu, 18 Jun 2015 20:00:24 -0400
Hi, I have a question about BPF.
I have the following filter:

tcp[((tcp[12] & 0xF0) >> 2):4] = 0x12341234

My question is about the following:
(tcp[12] & 0xF0) >> 2

The bit shift is performed clockwise to multiply the result of

(tcp[12] & 0xF0)

by 2 ^ 2.

Why is the bit shift to the right and not the left?

I saw filters where, for the IP header, the shift is made to the left, as it should be.

Thanks!
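
Added example, not part of the original post: a Python sketch of the arithmetic in the filter above, evaluated over constructed TCP segments and set beside the IPv4 header-length case the post mentions. The helper names (`tcp_header_len`, `ip_header_len`, `filter_matches`, `build_tcp`) and the sample segments are assumptions made for illustration.

```python
import struct

def tcp_header_len(tcp: bytes) -> int:
    """TCP header length in bytes, computed the way the filter does.

    Byte 12 carries the data offset in its HIGH nibble, counted in 32-bit
    words. (b & 0xF0) >> 4 yields words; words << 2 yields bytes.
    A right shift by 4 followed by a left shift by 2 is a right shift by 2.
    """
    return (tcp[12] & 0xF0) >> 2

def ip_header_len(ip: bytes) -> int:
    """IPv4 IHL is in the LOW nibble of byte 0, so it only needs scaling."""
    return (ip[0] & 0x0F) << 2

def filter_matches(tcp: bytes, magic: int = 0x12341234) -> bool:
    """Equivalent of: tcp[((tcp[12] & 0xF0) >> 2):4] = magic"""
    off = tcp_header_len(tcp)
    if len(tcp) < off + 4:
        return False  # a load past the end of the packet never matches
    return struct.unpack_from("!I", tcp, off)[0] == magic

def build_tcp(words: int, payload: bytes) -> bytes:
    """Constructed segment: ports 1234->80, PSH|ACK, checksum left at zero."""
    hdr = struct.pack("!HHIIBBHHH", 1234, 80, 1, 1, words << 4, 0x18, 65535, 0, 0)
    options = b"\x01" * ((words - 5) * 4)  # NOP options up to the header length
    return hdr + options + payload

if __name__ == "__main__":
    for words in (5, 8, 15):
        seg = build_tcp(words, bytes.fromhex("12341234"))
        print(words, "words ->", tcp_header_len(seg), "bytes, match:",
              filter_matches(seg))
    print("IPv4 byte 0 = 0x45 ->", ip_header_len(b"\x45"), "bytes")
```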