Wireshark mailing list archives

Generation of display filter based on a field in the pcap


From: Rohit Mediratta <rohit_medi () hotmail com>
Date: Sat, 5 Jun 2010 02:37:56 -0700


Hi,
I am trying to generate a display filter which is based on the value of a TLV within the pcap.
Let me provide an example of a display filter I am trying to generate in the pcap that I have.

1. Packet A has a TLV with value1 and another TLV with value2.
2. Packet B has a TLV with value2 and a TLV with value3.
3. Packet C has a TLV with value3.
4. Packet D has a TLV with value2.

I'd like my display filter to be
"special_display_filter == value1"
When I apply this filter, I'd like all 4 packets to be displayed.

This is, of course, my view of how I can achieve this. If there is another methodology to achieve my aim of displaying all packets related to Packet A, then please enlighten me.


My final goal is to update the flow_graph to view all 4 packets, when I select "packet flow for any packets related to Packet A". If someone can provide any pointers/hints that would be useful.

thanks in advance,
Rohit



                                          
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
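
Added example, not part of the original post and not Wireshark code: the relation asked for above is a transitive closure over shared TLV values, which can be computed outside Wireshark and turned into an ordinary display filter. The field name `myproto.tlv.value`, the frame numbers and the unrelated fifth packet are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample mirroring the post: frame number -> TLV values in that packet.
PACKETS = {
    1: {"value1", "value2"},  # Packet A
    2: {"value2", "value3"},  # Packet B
    3: {"value3"},            # Packet C
    4: {"value2"},            # Packet D
    5: {"value9"},            # unrelated packet, added to show it is excluded
}


def related(packets, seed_value):
    """Return (frames, values) transitively linked to seed_value."""
    # Index: TLV value -> frames that carry it.
    by_value = defaultdict(set)
    for frame, values in packets.items():
        for value in values:
            by_value[value].add(frame)

    seen_frames, seen_values = set(), set()
    todo = [seed_value]
    while todo:
        value = todo.pop()
        if value in seen_values:
            continue
        seen_values.add(value)
        for frame in by_value.get(value, ()):
            if frame not in seen_frames:
                seen_frames.add(frame)
                # Every other value in this packet links to further packets.
                todo.extend(packets[frame] - seen_values)
    if not seen_frames:
        return set(), set()  # seed value does not occur in the capture
    return seen_frames, seen_values


def display_filter(field, values):
    """Build an OR-ed display filter; 'field' is a hypothetical field name."""
    return " || ".join(f'{field} == "{v}"' for v in sorted(values))


if __name__ == "__main__":
    frames, values = related(PACKETS, "value1")
    print(sorted(frames))
    print(display_filter("myproto.tlv.value", values))
```

The frame-to-values map would come from an export of the capture, for example `tshark -T fields -e frame.number -e <field>` with the dissector's real field name.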
