Wireshark-dev: Re: [Wireshark-dev] filters & diameter

From: "Martin Mathieson" <martin.r.mathieson@xxxxxxxxxxxxxx>
Date: Tue, 10 Jul 2007 17:50:21 +0100

There are several ways this could be tackled:

(1) A script.  Export capture to PDML, parse output and match/check
them yourself
(2) We could add a new filterable field, diameter.avp, whose type was
hex data.  You could right-click to create a filter for that AVP, then
edit the last word to check for the value you want (you could sort of
do this now, but it would only filter at a fixed position within the
message)
(3) The diameter dissector could be changed to generate filterable
fields for each AVP.  Then you could filter on e.g.

diameter.avp.Role-of-Node.value == 1

I could do (2), but I'm not volunteering for (3).

Martin

On 7/10/07, Abhik Sarkar <sarkar.abhik@xxxxxxxxx> wrote:
Hi Christian,

As you are probably aware, version 0.99.6 came out a few days back
which I am sure has several fixes, including those for the diameter
dissector. Have you tried using the latest version?

Hope this helps,
Abhik.

On 7/10/07, cco <cristian.constantin@xxxxxxxxx> wrote:
> hi!
>
> has anyone tested a filter like this:
>
> (diameter.avp.code == 829) && (diameter.avp.data.uint32 == 1)
>
> is it supposed to work? is it actually working in your config/ver?
> in my version, it does not in the sense that it will always show all the
> diameter commands having an avp with the code 829 but _not_ the ones
> in which this avp has the value 1.
>
> I am using Version 0.99.4 / linux
>
> thanks!
> bye now!
> cristian
> _______________________________________________
> Wireshark-dev mailing list
> Wireshark-dev@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-dev
>
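Option (1) from the reply at the top of this thread, as an added example (not code from the thread or from Wireshark): a script that parses PDML and requires the code and the value to sit under the same AVP, next to a packet-level check in which either field may come from any AVP. The PDML below is constructed, and its layout (a parent `diameter.avp` field with the code and value as direct children) is an assumption; adjust the names to what your version actually exports.

```python
import xml.etree.ElementTree as ET

# Constructed PDML (not a real capture). Assumed layout: each AVP is a parent
# <field name="diameter.avp"> whose direct children carry code and value.
def _avp(code, value):
    return ('<field name="diameter.avp">'
            f'<field name="diameter.avp.code" show="{code}"/>'
            f'<field name="diameter.avp.data.uint32" show="{value}"/></field>')

def _packet(num, *avps):
    return (f'<packet><proto name="geninfo"><field name="num" show="{num}"/></proto>'
            f'<proto name="diameter">{"".join(avps)}</proto></packet>')

SAMPLE_PDML = "<pdml>" + _packet(1, _avp(829, 0), _avp(268, 1)) \
                       + _packet(2, _avp(829, 1)) + "</pdml>"

CODE, VALUE = "diameter.avp.code", "diameter.avp.data.uint32"

def shows(elems, name):
    """'show' values of the fields called `name` among the given elements."""
    return [f.get("show") for f in elems if f.get("name") == name]

def frame_number(packet):
    return int(packet.find("./proto[@name='geninfo']/field[@name='num']").get("show"))

def packet_level_match(pdml, code, value):
    """Each test may be satisfied by any field anywhere in the packet."""
    return [frame_number(p) for p in ET.fromstring(pdml).iter("packet")
            if str(code) in shows(p.iter("field"), CODE)
            and str(value) in shows(p.iter("field"), VALUE)]

def same_avp_match(pdml, code, value):
    """Code and value must be direct children of the same AVP element."""
    hits = []
    for p in ET.fromstring(pdml).iter("packet"):
        avps = [f for f in p.iter("field") if f.get("name") == "diameter.avp"]
        if any(str(code) in shows(a, CODE) and str(value) in shows(a, VALUE)
               for a in avps):
            hits.append(frame_number(p))
    return hits

if __name__ == "__main__":
    print("packet-level:", packet_level_match(SAMPLE_PDML, 829, 1))
    print("same AVP:    ", same_avp_match(SAMPLE_PDML, 829, 1))
```

In the sample, frame 1 carries AVP 829 with value 0 and a different AVP with value 1, so only the per-AVP check excludes it.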