Packet Dissection

The BLTP Dissector automatically decodes all fields in a BLTP packet, including the base header and any extension headers.

Display Filter Tags

Base Header Fields

Filter Tag	Description	Type	Example Usage
bltp.base	Base Header section	Group	bltp.base
bltp.seq	Sequence Number	uint32	bltp.seq == 12345
bltp.ack	Acknowledgment Number	uint32	bltp.ack > 1000
bltp.window	Receive Window	uint32	bltp.window != 0
bltp.next_header	Next Header Type	uint32	bltp.next_header == 1

Extension Headers

Generic Extension Header Fields

Filter Tag	Description	Type	Example Usage
bltp.ext	Extension Header section	Group	bltp.ext
bltp.ext.length	Extension Header Length	uint32	bltp.ext.length > 0
bltp.ext.data	Extension-Specific Data	bytes	bltp.ext.data
bltp.ext.next_header	Next Header in chain	uint32	bltp.ext.next_header == 0

Handshake Header Fields

Filter Tag	Description	Type	Example Usage
bltp.handshake	Handshake Header section	Group	bltp.handshake
bltp.handshake.supported_header	Supported Header Types	uint32	bltp.handshake.supported_header == 2

FIN/RST Header Fields

Filter Tag	Description	Type	Example Usage
bltp.finrst	FIN/RST Header section	Group	bltp.finrst
bltp.finrst.code	Error Code	uint32	bltp.finrst.code != 0
bltp.finrst.msg	Error Message	string	bltp.finrst.msg contains "timeout"

Debug Header Fields

Filter Tag	Description	Type	Example Usage
bltp.debug	Debug Header section	Group	bltp.debug

Payload

Filter Tag	Description	Type	Example Usage
bltp.payload	Packet Payload	bytes	bltp.payload[5] == 0x42

Malformed Packets

The plugin tries to decode all BLTP packets, even trying to recover from malformed packets.

When a packet contains malformed data, the packet will be highlighted in red and an explanation will be provided in the packet details pane. You can filter for these packets using the bltp.malformed filter tag.