Wireshark mailing list archives
Re: Display filters for application protocols
From: "news.gmane.com" <AndreasSander1 () gmx net>
Date: Tue, 8 Mar 2011 18:01:02 +0100
"Lukás Oliva" <olivalukas () gmail com> wrote in message news:AANLkTinczCeZZCCy5f_5WE8jVs6WNf63bObvxOc5mc2c () mail gmail com...
Hello to the community, I am doing some testing for the Diameter protocol and I noticed interesting behaviour of the display filters. I noticed that if I run tshark -r mypcap.pcap -R "diameter.cmd.code==302" then the output contains afterwards also Diameter packets with different diameter.cmd.code. I am not sure if it is actually a bug and how tshark handles this filtering for application protocols. E.g.: If there is a packet on containing more Diameter (or other application protocol) messages on IP (or possibly TCP) level, how is this will the display filter filter all of them? Just for the illustration: 1 TCP packet: Diameter message 1 (LIR), Diameter message 2 (MAR), Diameter message 3 (SAR) Running tshark -r mypcap.pcap -R "diameter.cmd.code==302" ... # so filtering out the LIR messages which have message code 302 Should the tshark produce a list of LIR messages only?
You write, you have one TCP packet with several diameter messages. A display filter defines which _packets_ should be displayed. But the display filter does not define which details of one packet is displayed. -- Andy
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Re: Display filters for application protocols, (continued)
- Re: Display filters for application protocols Jeff Morriss (Mar 08)
- Re: Display filters for application protocols Lukáš Oliva (Mar 08)
- Re: Display filters for application protocols Jeff Morriss (Mar 08)
- Re: Display filters for application protocols Stephen Fisher (Mar 08)
- Re: Display filters for application protocols Lukáš Oliva (Mar 08)
- Re: Display filters for application protocols Lukáš Oliva (Mar 08)
- Re: Display filters for application protocols Guy Harris (Mar 08)
- Re: Display filters for application protocols Sake Blok (Mar 08)
- Re: Display filters for application protocols Guy Harris (Mar 08)
- Re: Display filters for application protocols Sake Blok (Mar 08)
- Re: Display filters for application protocols Lukáš Oliva (Mar 08)
- Re: Display filters for application protocols Jeff Morriss (Mar 08)