Wireshark-users: Re: [Wireshark-users] Σχετ: wireshark display filters: display range of termina

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Emanuel Fleishman <Emanuel.Fleishman@xxxxxxxxxx>
Date: Thu, 13 Oct 2011 16:21:13 +0000

Just following on the George's proposal,

could you please try the following _expression_ WRT to megaco.termid range:

 

        megaco.termid[5:] gt "0"  &&  megaco.termid[5:] lt "41"

 

according to http://www.wireshark.org/docs/man-pages/wireshark-filter.html 

notation

     [i:]     start_offset = i, end_offset = end_of_field

 

e.g megaco.termid[5:] is expected to select substrings starting from the 6th character in "port_XYZ"

       

 

 

 

If this doesn't work, could you please try more verbose approach:

 

     megaco.termid[6] == 0           // indicates string of length 6 such as "port_X"

or

     megaco.termid[7] == 0           // indicates string of length 6 such as "port_XY"

     and one of the following

        megaco.termid[5] == "1"        // selects strings with pattern "xxxxx1x" in particular "port_1x"

        megaco.termid[5] == "2"

        megaco.termid[5] == "3"

        megaco.termid[5] == "4"

 

BR/Emanuel

 

From: wireshark-users-bounces@xxxxxxxxxxxxx [wireshark-users-bounces@xxxxxxxxxxxxx] on behalf of George [hgsal@xxxxxxxx]
Sent: Thursday, October 13, 2011 2:32 PM
To: Community support list for Wireshark
Subject: [Wireshark-users] Σχετ: wireshark display filters: display range of termination ids in one command

Hi Manoli,

Just a hind from my side, if you want to try with this.
In http://wiki.wireshark.org/CaptureFilters i have find the following filter : 
(tcp[0:2] > 1500 and tcp[0:2] < 1550)

i have tried this but is not clear to me which values are acceptable after tcp[0:2] >.
as 0:2 are the bytes for source and dest ports, in my try source was 2&3 and dest 3&4.

Regards,
George

Απο: Manolis Katsidoniotis <manoska@xxxxxxxxx>
Προς: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
Στάλθηκε: 1:48 μ.μ. Πέμπτη, 13 Οκτωβρίου 2011
Θεμα: Re: [Wireshark-users] wireshark display filters: display range of termination ids in one command

thanks Martin

yes that's true
I put this more like an example of what I want to do
(of course I tried it since you never know how smart is a filter)

I saw some expressions of type
h248.termList

but am not aware of exactly how to use them.

Anyone who has even used them before?

thanks
Manolis


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe



This mail was received via Mail-SeCure System.


This mail was sent via Mail-SeCure System.