Wireshark mailing list archives

Re: Defining global filters?

From: Anders Broman <anders.broman () ericsson com>
Date: Tue, 19 Aug 2014 08:29:43 +0000



-----Original Message-----

From: wireshark-dev-bounces () wireshark org [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of Kukosa, Tomas
Sent: den 19 augusti 2014 08:20
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Defining global filters?

Hi Anders,

just one idea, what about introducing some "fields nicknames" configuration file instead of creating hardcoded 
global_filters.[ch]:
--- fields_nicknames.txt ---
gtp.imsi xgtp.imsi
gtpv2.imsi xgtp.imsi
---

It would allow users to define also own nicknames.

Best regards,
 Tomas

Interesting concept, I'm not sure how that should be implemented though.
Regards
Anders

From: wireshark-dev-bounces () wireshark org [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of Anders Broman
Sent: Monday, August 18, 2014 15:46
To: wireshark-dev () wireshark org
Subject: [Wireshark-dev] Defining global filters?

Hi,
How to define filters and display the data of fields that may occur in multiple protocols? One example is IMSI ( 
International Mobile Subscriber identity) that exists in multiple 3GPP and 3GPP2 protocols, following a call flow 
through the system it could be interesting to filter on IMSI across multiple protocols to build a filter covering all 
messages in the call flow.

Suggestion:

Create global_filters.[ch] in epan/dissectors or (packet-global_filters?) define functions to parse the data there 
and/or export the hf Variable to be used in the protocol dissectors.

From GTPv2 current:

:
International Mobile Subscriber Identity (IMSI) : 262021030000050 IE Type: International Mobile Subscriber Identity 
(IMSI) (1) IE Length: 8
0000 .... = CR flag: 0
.... 0000 = Instance: 0
IMSI(International Mobile Subscriber Identity number): 262021030000050
:

New
International Mobile Subscriber Identity (IMSI) : 262021030000050 IE Type: International Mobile Subscriber Identity 
(IMSI) (1) IE Length: 8
0000 .... = CR flag: 0
.... 0000 = Instance: 0
IMSI(International Mobile Subscriber Identity number): 262021030000050 [Global filter IMSI : 262021030000050]

Comments?

Regards
Anders

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread:

Defining global filters? Anders Broman (Aug 18)
- Re: Defining global filters? Michal Orynicz (Aug 18)
- Re: Defining global filters? mmann78 (Aug 18)
- Re: Defining global filters? Jeff Morriss (Aug 18)
  - Re: Defining global filters? Anders Broman (Aug 19)
    - Re: Defining global filters? Jeff Morriss (Aug 21)
- Re: Defining global filters? Kukosa, Tomas (Aug 18)
  - Re: Defining global filters? Anders Broman (Aug 19)