On Apr 17, 2008, at 1:56 AM, Sudharsanan Ranganathan wrote:
> How do I put a filter rule to check on specific message types during
> TCP transactions for file download?
> For ex. If I have msg_request, msg_accept, msg_reject. How to
> identify specific message types from a Wireshark capture?

There's no easy way to do that in a capture filter.
In a display filter, however, *if* the protocol that has those message
types makes the message type a filterable field, you can compare the
value of that field against the value corresponding to a particular
message type. You can either compare the numerical value of the
filterable field, for example

    smb.cmd == 0x0

or, if the field has associated with it a list of names corresponding
to the values, compare with the name as a string, for example

    smb.cmd == "Create Directory"

(both of which will compare the value of the "smb.cmd" field with 0,
as 0 is the code for the SMB "Create Directory" request).
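
An added example, not part of the original message: a minimal Wireshark Lua dissector showing how a protocol makes its message type a filterable field with associated names, as the reply describes for smb.cmd. The protocol name "filexfer", TCP port 9000, the one-byte type at offset 0 and the codes 1, 2 and 3 are all hypothetical, and the sketch assumes each message starts at the beginning of a TCP segment.

```lua
-- Hypothetical protocol: every name, port and code below is an assumption
-- made for illustration; adapt them to the real wire format.
local filexfer = Proto("filexfer", "Example File Transfer Protocol")

-- Value-to-name table. Attaching it to the field is what lets a display
-- filter compare against the name as well as the number.
local msg_types = {
    [1] = "msg_request",
    [2] = "msg_accept",
    [3] = "msg_reject",
}

-- The filterable field: an unsigned 8-bit value shown in decimal.
local f_type = ProtoField.uint8("filexfer.type", "Message Type",
                                base.DEC, msg_types)
filexfer.fields = { f_type }

function filexfer.dissector(buffer, pinfo, tree)
    -- Reject empty payloads (for example bare ACKs) instead of reading
    -- past the end of the buffer.
    if buffer:len() < 1 then
        return 0
    end

    pinfo.cols.protocol = "FILEXFER"
    local subtree = tree:add(filexfer, buffer(), "Example File Transfer Protocol")

    -- Assumed layout: message type is the first byte of the payload.
    local type_range = buffer(0, 1)
    subtree:add(f_type, type_range)

    local code = type_range:uint()
    pinfo.cols.info = msg_types[code] or string.format("Unknown type %d", code)

    return buffer:len()
end

-- Hand TCP payloads on the assumed port to this dissector.
DissectorTable.get("tcp.port"):add(9000, filexfer)
```

With the script loaded (for example via -X lua_script:<file>), the display filters filexfer.type == 2 and filexfer.type == "msg_accept" both select the accept messages, in the same way as the two smb.cmd filters above.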