Re: Display filters for application protocols

[Lukáš Oliva <olivalukas () gmail com>]

  Hello Sake,
actually trying it just now. Actually it seems as interesting idea.

  Lukas


2011/3/8 Sake Blok <sake () euronet nl>:
> On 8 mrt 2011, at 19:43, Lukáš Oliva wrote:
>
> > actually this is what I somehow expected. Is there a way how to filter
> > out just the packets I want? Like: filter out all frames containing
> > LIR message but display only LIR messages?
>
> I think you can do it with:
>
> diameter.cmd.code==302 and not diameter.cmd.code!=302
>
>
> > I mean could I somehow
> > filter this using capture filters (I think this is not possible, but
> > just for sure)
>
> Capture filters are limited to (reasonably) fixed offsets to look for stuff, so it will not work with capture 
> filters....
>
> > or how to use display filters with some more precise
> > configuration saying display LIR messages only?
>
> Why don't you give the above filter a shot and if it does not work, send a little tracefile with the frame you DO and 
> the frames you DON'T want and I'll give it another shot...
>
> Cheers,
>
>
> Sake
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe