Coudln't he use slices? Something like "frame[30-33] == 1:3:58:59" (in
hex really but) or what fits his purposes.
On Tue, 15 May 2007 09:51:20 -0700, "Guy Harris" <guy@xxxxxxxxxxxx>
said:
> Stefan Puiu wrote:
>
> > Is it possible (with this wireshark version) to specify a filter along the
> > lines of "all packets that carry option x with value y"?
> > As far as I can tell, all I can currently specify is "one packet that
> > has one option type x and one option with value y", but not the same.
>
> Unfortunately, not in general - the BOOTP/DHCP dissector doesn't have
> separate named fields for the values of all options it knows about.
>
> > Example filters I would need:
> >
> > - all DHCPDISCOVER packets that carry option 55 (parameter request list)
> > with a certain value in the respective option (e.g. 1,3,58,59 being the
> > sequence of values)
>
> Unfortunately, there isn't a named field for the value of option 55, so
> you can't filter on that.
>
> > - all DHCPOFFER/DHCPACK packets without option 3
>
> Similarly, there isn't a named field for the value of option 53, so you
> can't filter on the DHCP message type.
>
> This should probably be fixed.
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-users
--
Hans Nilsson
hasse_gg@xxxxxxxx
--
http://www.fastmail.fm - Email service worth paying for. Try it for free