ip.flags.sf not supported?

DisplayFilters
ipv4
retag add tags

I'm running wireshark 2.4.6. I see that 'ip.flags.sf' is listed as supported in the docs, but when I actually try to use this display filter it doesn't give expected results:

'ip.flags.sf' is accepted, but doesn't match any ipv4 packets 'ip.flags.sf==0' also is accepted but doesn't match anything

Drilling down in an ipv4 packet, I see flags expanded into the bits for reserved, DF, and MF: no mention of the security flag. I've done a bit of online searching, and haven't been able to find any references to the 'security' flag outside of this 15-year-old rfc: https://datatracker.ietf.org/doc/rfc3....

So does anyone know the status of this flag and the corresponding display filter identifier?

tdodd

asked 2018-04-18 19:04:21 +0000

edit flag offensive 0 remove flag close merge delete

Comments

add a comment see more comments

2 Answers

Sort by

oldest

newest

most voted

RFC 3514, which you already found, is the whole story. Before you enable the preference or try to filter on that field, go back to RFC 3514 and note the date that it was issued.

7.5k

Jim Aragon

answered 2018-04-18 23:34:37 +0000

edit flag offensive 0 remove flag delete link

Comments

Thanks. I did notice the date. I just didn't get the joke.

tdodd (2018-04-19 13:05:40 +0000) edit

add a comment see more comments

This field becomes available only when explicitly enabled in the preferences.

13.7k

Jaap

answered 2018-04-18 20:09:44 +0000

edit flag offensive 0 remove flag delete link

Comments

Thank you!

tdodd (2018-04-18 21:38:39 +0000) edit

add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer

ip.flags.sf not supported? edit

Comments

2 Answers

Comments

Comments