Wireshark-dev: Re: [Wireshark-dev] Conversation filters
Actually, what I suggested will only give one side of the conversa\tion that you're interested in. However,
(ip.addr==ADDR1 and tcp.port==PORT1) and (ip.addr=ADDR2 and tcp.port==PORT2)
should do the trick.
Andy.
Andy Lawman
<ALawman@xxxxxxxxxxx>
| Andy Lawman <ALawman@xxxxxxxxxxx>
Please respond to : Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx> Sent by: wireshark-dev-bounces@xxxxxxxxxxxxx
|
Try somthing along the lines of ip.src="" and ip.dst=ADDR2 and tcp.srcport==PORT1 and tcp.dstport==PORT2.
So not a bug.
Andy.
"Kukosa,
Tomas" <tomas.kukosa@xxxxxxxxxxx>
| "Kukosa, Tomas"
<tomas.kukosa@xxxxxxxxxxx>
Please respond to : Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx> Sent by: wireshark-dev-bounces@xxxxxxxxxxxxx
|
If I filter conversation from the context menu or the Conversations dialog
it crates filter in following way (or similar):
ip.addr==ADDR1 and ip.addr=ADDR2 and tcp.port==PORT1 and tcp.port==PORT2
Unfortunaty it matches to two TCP streams ADDR1:PORT1<->ADDR2:PORT2
and ADDR1:PORT2<->ADDR2:PORT1
and if I have both of them in one file it is not easy to filter them from
conversations menu.
Was it an intention or is it a bug?
If it is a bug what another filter style should we generate?
Regards,
Tomas
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev
IMPORTANT - CONFIDENTIALITY NOTICE - This e-mail is intended only for the
use of the addressee/s above. It may contain information which is
privileged, confidential or otherwise protected from disclosure under applicable
laws. If the reader of this transmission is not the intended recipient,
you are hereby notified that any dissemination, printing, distribution,
copying, disclosure or the taking of any action in reliance on the contents
of this information is strictly prohibited. If you have received
this transmission in error, please immediately notify us by reply e-mail
or using the address below and delete the message and any attachments from
your system.
Amadeus Services Ltd, World Business Centre 3, 1208 Newall Road, Hounslow,
Middlesex, TW6 2TA, Registered number 4040059_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev
IMPORTANT - CONFIDENTIALITY NOTICE - This e-mail is intended only for the
use of the addressee/s above. It may contain information which is
privileged, confidential or otherwise protected from disclosure under applicable
laws. If the reader of this transmission is not the intended recipient,
you are hereby notified that any dissemination, printing, distribution,
copying, disclosure or the taking of any action in reliance on the contents
of this information is strictly prohibited. If you have received
this transmission in error, please immediately notify us by reply e-mail
or using the address below and delete the message and any attachments from
your system.
Amadeus Services Ltd, World Business Centre 3, 1208 Newall Road, Hounslow,
Middlesex, TW6 2TA, Registered number 4040059
- Follow-Ups:
- Re: [Wireshark-dev] Conversation filters
- From: Kukosa, Tomas
- Re: [Wireshark-dev] Conversation filters
- References:
- Re: [Wireshark-dev] Conversation filters
- From: Andy Lawman
- Re: [Wireshark-dev] Conversation filters
- Prev by Date: Re: [Wireshark-dev] Build error: NMAKE : fatal error U1077: 'sed'
- Next by Date: Re: [Wireshark-dev] Conversation filters
- Previous by thread: Re: [Wireshark-dev] Conversation filters
- Next by thread: Re: [Wireshark-dev] Conversation filters
- Index(es):