Re: Display filters for application protocols

[Sake Blok <sake () euronet nl>]

On 8 mrt 2011, at 19:43, Lukáš Oliva wrote:

> actually this is what I somehow expected. Is there a way how to filter
> out just the packets I want? Like: filter out all frames containing
> LIR message but display only LIR messages?

I think you can do it with:

diameter.cmd.code==302 and not diameter.cmd.code!=302


> I mean could I somehow
> filter this using capture filters (I think this is not possible, but
> just for sure)

Capture filters are limited to (reasonably) fixed offsets to look for stuff, so it will not work with capture 
filters....

> or how to use display filters with some more precise
> configuration saying display LIR messages only?

Why don't you give the above filter a shot and if it does not work, send a little tracefile with the frame you DO and 
the frames you DON'T want and I'll give it another shot...

Cheers,


Sake
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe