Abhik,
Thanks for the info but I already know how to do that. What I am trying to do
is filter on ALL of the BEGIN and END messages because we are troubleshooting
to see if any of the END messages are missing. Going through each BEGIN to
find all END's would be way to time consuming :(
Is there any way to do CDR's in Wireshark? That would work well also.
Thanks,
Mike
-----Original Message-----
From: Abhik Sarkar [mailto:sarkar.abhik@xxxxxxxxx]
Sent: Sunday, July 19, 2009 12:47 PM
To: mike.pierotti@xxxxxxxxxxxxxxxxx; Community support list for Wireshark
Subject: Re: [Wireshark-users] Need assistance in creating a display filter
Hi Michael,
Once you have the capture and have found the BEGIN, expand the TCAP
portion in the packet details pane, bring up the context menu for the
transaction ID and select 'apply as filter selected'.
That should show you all (captured) MSU's with the same transaction ID.
HTH
Abhik
On 7/17/09, Michael R. Pierotti <mike.pierotti@xxxxxxxxxxxxxxxxx> wrote:
> I am fairly new to Wireshark when it comes to capturing SIGTRAN and need
> assistance in creating a display filter.
>
>
>
> What I am attempting to do is capture the TCAP BEGIN with OpCode 66
> (readyForSM) and all related TCAP ENDS or TCAP ERRORS for those messages.
> Any ideas on how this may be accomplished?
>
>
>
> Thanks,
>
>
>
> Michael R. Pierotti
> GSM/WCDMA Core and Packet Senior System Engineer
>
> cid:[email protected]
>
>
>
> Direct:+1.671.686.9423
>
> Office: +1.671.688.2355, ext. 721
>
> NOC: +1.671.688.2355 ext 760 (24/7, GMT+10)
> Wireless: +1.671.988.0369
>
> GSM: +1.671.788.0369
> Facsimile: +1.671.646.0627
> E-mail: <mailto:mike.pierotti@xxxxxxxxxxxxxxxxx>
> mike.pierotti@xxxxxxxxxxxxxxxxx
>
>
>
>
--
Sent from my mobile device
Attachment:
smime.p7s
Description: S/MIME cryptographic signature