Stefan Puiu wrote:
Is it possible (with this wireshark version) to specify a filter along the
lines of "all packets that carry option x with value y"?
As far as I can tell, all I can currently specify is "one packet that
has one option type x and one option with value y", but not the same.
Unfortunately, not in general - the BOOTP/DHCP dissector doesn't have
separate named fields for the values of all options it knows about.
Example filters I would need:
- all DHCPDISCOVER packets that carry option 55 (parameter request list)
with a certain value in the respective option (e.g. 1,3,58,59 being the
sequence of values)
Unfortunately, there isn't a named field for the value of option 55, so
you can't filter on that.
- all DHCPOFFER/DHCPACK packets without option 3
Similarly, there isn't a named field for the value of option 53, so you
can't filter on the DHCP message type.
This should probably be fixed.