Wireshark · Wireshark-dev: Re: [Wireshark-dev] Display filter

Wireshark-dev: Re: [Wireshark-dev] Display filter

From: Jeff Morriss <jeff.morriss.ws@xxxxxxxxx>

Date: Thu, 18 Dec 2008 11:01:01 -0500



Spam4Me wrote:

Hello,
I'm thinking about new way of filtering displayed packets which would besomething like conversation filter of 'follow TCP stream'
but not limited to any criteria
I would give parameter with it value and field name from the same fram e.g.:
#1: gsm_map.address.digits == "48123456789"
#2: tcap.tid
Wireshark would then search any packet which has gsm_map.address.digits== "48123456789"and take the value of tcap.tid from this packet an use it as a displayfilter.So if there will be three messages with gsm_map.address.digits =="48123456789"the packet list would display all packets where tcap.tid == #1 ||tcap.tid == #2 || tcap.tid == #3
Right now i apply diplay filter: gsm_map.address.digits == "48123456789"
and then take any packet which I see in list, right click on tcap.tidand Prepare a filter -> (or) Selected
It would save me many clicks


MATE:

http://wiki.wireshark.org/Mate

would probably help you do a lot of that.

References:
- [Wireshark-dev] Display filter
  - From: Spam4Me

Prev by Date: Re: [Wireshark-dev] Wireshark licence terms and dissectors
Next by Date: Re: [Wireshark-dev] Problem in adding another dissector under a added one
Previous by thread: [Wireshark-dev] Display filter
Next by thread: [Wireshark-dev] Wireshark licence terms and dissectors
Index(es):
- Date
- Thread