Wireshark mailing list archives

Re: Defining global filters?


From: Michal Orynicz <michal.orynicz () tieto com>
Date: Mon, 18 Aug 2014 16:12:49 +0200

Maybe it would be better to provide a mechanism to display a
{wildcard}.field, where the field just has to have the same name? If I
understand correctly, you want to get some fixed filters, which will have
to be manually expanded if someone finds a couple of identical fields in
different types of frames, which have the same meaning.

Another idea would be adding a mechanism for conditional values in columns.
"If this protocol show this field, if this protocol show that field."


On 18 August 2014 15:46, Anders Broman <anders.broman () ericsson com> wrote:

Hi,

How to define filters and display the data of fields that may occur in
multiple protocols? One example is IMSI (International Mobile Subscriber
Identity) that exists in multiple 3GPP and 3GPP2 protocols, following a
call flow through the system it could be interesting to filter on
IMSI across multiple protocols to build a filter covering all messages in
the call flow.

Suggestion:

Create global_filters.[ch] in epan/dissectors or (packet-global_filters?)
define functions to parse the data there and/or export the hf
variable to be used in the protocol dissectors.



From GTPv2 current:

:
International Mobile Subscriber Identity (IMSI) : 262021030000050
    IE Type: International Mobile Subscriber Identity (IMSI) (1)
    IE Length: 8
    0000 .... = CR flag: 0
    .... 0000 = Instance: 0
    IMSI(International Mobile Subscriber Identity number): 262021030000050
:

New

International Mobile Subscriber Identity (IMSI) : 262021030000050
    IE Type: International Mobile Subscriber Identity (IMSI) (1)
    IE Length: 8
    0000 .... = CR flag: 0
    .... 0000 = Instance: 0
    IMSI(International Mobile Subscriber Identity number): 262021030000050
    [Global filter IMSI : 262021030000050]



Comments?



Regards

Anders



___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe




-- 
Pozdrawiam / Best regards
Michał Orynicz, Software Engineer
Tieto Corporation

Product Development Services

http://www.tieto.com / http://www.tieto.pl
