Hello George and Emanuel
It worked !!!!!
I have 760 ports.
From port_1 to port_760.
With the below filter,,
I can now see them in groups of 40 :))))))
with the SIP traffic that is generated on the other side.
(
ip.addr==10.85.227.168 && (
(megaco.termid[5:] gt "0") && (megaco.termid[5:] lt
"41") ) ) || (sip contains 46710020000)
Many thanks George and Emanuel !!!!!!!!!!!!
This is really very big help !!!!!!!!!!!!!!!!
Manolis
2011/10/13 Emanuel Fleishman
<Emanuel.Fleishman@xxxxxxxxxx>
Just following on the George's proposal,
could you please try the following _expression_ WRT to megaco.termid range:
megaco.termid[5:] gt "0" && megaco.termid[5:] lt "41"
according to
http://www.wireshark.org/docs/man-pages/wireshark-filter.html
notation
[i:] start_offset = i, end_offset = end_of_field
e.g megaco.termid[5:] is expected to select substrings starting from the 6th character in "port_XYZ"
If this doesn't work, could you please try more verbose approach:
megaco.termid[6] == 0 // indicates string of length 6 such as "port_X"
or
megaco.termid[7] == 0 // indicates string of length 6 such as "port_XY"
and one of the following
megaco.termid[5] == "1" // selects strings with pattern "xxxxx1x" in particular "port_1x"
megaco.termid[5] == "2"
megaco.termid[5] == "3"
megaco.termid[5] == "4"
BR/Emanuel
Hi Manoli,
Just a hind from my side, if you want to try with this.
(tcp[0:2] > 1500 and tcp[0:2] < 1550)
i have tried this but is not clear to me which values are acceptable after tcp[0:2] >.
as 0:2 are the bytes for source and dest ports, in my try source was 2&3 and dest 3&4.
Regards,
George
This mail was received via Mail-SeCure System.
This mail was sent via Mail-SeCure System.
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe