Re: display text representation of ldap.filter in tshark

[Alexander 'Leo' Bergolth <leo () strike wu ac at>]

On 10/18/2010 04:07 AM, Stephen Fisher wrote:
> On Thu, Oct 14, 2010 at 03:47:43PM +0200, Alexander 'Leo' Bergolth wrote:
> > Is there a way to display the text representation of an ldap 
> > search-filter using tshark?
> >
> > I tried -e ldap.filter but this is only a 32 bit filter element (only 
> > the first filter element). Is there another display filter or a 
> > function that displays a human readable version of the whole 
> > search-filter?
>
> The source code has a list of possible values for the ldap.filter 
> number:
>
>   { 0, "and" },
>   { 1, "or" },
>   { 2, "not" },
>   { 3, "equalityMatch" },
>   { 4, "substrings" },
>   { 5, "greaterOrEqual" },
>   { 6, "lessOrEqual" },
>   { 7, "present" },
>   { 8, "approxMatch" },
>   { 9, "extensibleMatch" },
>
> Are these values you're trying to display?  I don't think it's possible 
> in tshark right now, although I thought I saw a request for that and 
> possibly even work toward it not too long ago.  Wireshark displays 
> those text strings in the custom columns now.

Actually I was trying to display a string representation of the whole
search filter, not just the initial "search operator".

Something like the line that the "tshark -V" output displays for an ldap
search filter:

           Filter: (&(objectclass=wuDepartment)(departmentNumber=3789))

Cheers,
--leo
-- 
e-mail   ::: Leo.Bergolth (at) wu.ac.at
fax      ::: +43-1-31336-906050
location ::: IT-Services | Vienna University of Economics | Austria

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe