On 10/18/2010 04:07 AM, Stephen Fisher wrote:
> On Thu, Oct 14, 2010 at 03:47:43PM +0200, Alexander 'Leo' Bergolth wrote:
>> Is there a way to display the text representation of an ldap
>> search-filter using tshark?
>>
>> I tried -e ldap.filter but this is only a 32 bit filter element (only
>> the first filter element). Is there another display filter or a
>> function that displays a human readable version of the whole
>> search-filter?
>
> The source code has a list of possible values for the ldap.filter
> number:
>
> { 0, "and" },
> { 1, "or" },
> { 2, "not" },
> { 3, "equalityMatch" },
> { 4, "substrings" },
> { 5, "greaterOrEqual" },
> { 6, "lessOrEqual" },
> { 7, "present" },
> { 8, "approxMatch" },
> { 9, "extensibleMatch" },
>
> Are these values you're trying to display? I don't think it's possible
> in tshark right now, although I thought I saw a request for that and
> possibly even work toward it not too long ago. Wireshark displays
> those text strings in the custom columns now.
Actually I was trying to display a string representation of the whole
search filter, not just the initial "search operator".
Something like the line that the "tshark -V" output displays for an ldap
search filter:
Filter: (&(objectclass=wuDepartment)(departmentNumber=3789))
Cheers,
--leo
--
e-mail ::: Leo.Bergolth (at) wu.ac.at
fax ::: +43-1-31336-906050
location ::: IT-Services | Vienna University of Economics | Austria