Wireshark mailing list archives

Re: Defining global filters?

From: mmann78 () netscape net
Date: Mon, 18 Aug 2014 14:23:47 -0400 (EDT)


Is the list of protocols that IMSI goes across finite?  Don't you really just want a "Conversation filter" that would 
be generated to include all the necessary protocols?  The registering dissector has control over how the filter is 
constructed.  Perhaps modify "Conversation filter menu item" to have 1-many relationship instead of current 1-1 if the 
necessary "dissector/filter data" can't otherwise be centrally handled?
 
 
 
 
-----Original Message-----
From: Anders Broman <anders.broman () ericsson com>
To: wireshark-dev <wireshark-dev () wireshark org>
Sent: Mon, Aug 18, 2014 9:48 am
Subject: [Wireshark-dev] Defining global filters?



Hi,
How to define filters and display the data of fields that may occur in multiple protocols? One example is IMSI ( 
International Mobile Subscriber identity) that exists in multiple 3GPP and 3GPP2 protocols, following a call flow 
through the system it could be interesting to filter on
IMSI across multiple protocols to build a filter covering all messages in the call flow.
 
Suggestion:
 
Create global_filters.[ch] in epan/dissectors or (packet-global_filters?) define functions to parse the data there 
and/or export the hf
Variable to be used in the protocol dissectors.
 
From GTPv2 current:
:
International Mobile Subscriber Identity (IMSI) : 262021030000050
IE Type: International Mobile Subscriber Identity (IMSI) (1)
IE Length: 8
0000 .... = CR flag: 0
.... 0000 = Instance: 0
IMSI(International Mobile Subscriber Identity number): 262021030000050
:
 
New
International Mobile Subscriber Identity (IMSI) : 262021030000050
IE Type: International Mobile Subscriber Identity (IMSI) (1)
IE Length: 8
0000 .... = CR flag: 0
.... 0000 = Instance: 0
IMSI(International Mobile Subscriber Identity number): 262021030000050
[Global filter IMSI : 262021030000050]
 
Comments?
 
Regards
Anders
 


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread:

Defining global filters? Anders Broman (Aug 18)
- Re: Defining global filters? Michal Orynicz (Aug 18)
- Re: Defining global filters? mmann78 (Aug 18)
- Re: Defining global filters? Jeff Morriss (Aug 18)
  - Re: Defining global filters? Anders Broman (Aug 19)
    - Re: Defining global filters? Jeff Morriss (Aug 21)
- Re: Defining global filters? Kukosa, Tomas (Aug 18)
  - Re: Defining global filters? Anders Broman (Aug 19)