Wireshark mailing list archives

Re: [Wireshark-users] Re: wireshark display filters: display range of termination ids in one command


From: Emanuel Fleishman <Emanuel.Fleishman () celtro com>
Date: Thu, 13 Oct 2011 16:21:13 +0000

Just following on George's proposal,

could you please try the following expression WRT the megaco.termid range:



        megaco.termid[5:] gt "0"  &&  megaco.termid[5:] lt "41"



according to http://www.wireshark.org/docs/man-pages/wireshark-filter.html

notation

     [i:]     start_offset = i, end_offset = end_of_field



e.g. megaco.termid[5:] is expected to select substrings starting from the 6th character in "port_XYZ"

If this doesn't work, could you please try a more verbose approach:



     megaco.termid[6] == 0           // indicates string of length 6 such as "port_X"
or
     megaco.termid[7] == 0           // indicates string of length 6 such as "port_XY"

     and one of the following

        megaco.termid[5] == "1"        // selects strings with pattern "xxxxx1x" in particular "port_1x"
        megaco.termid[5] == "2"
        megaco.termid[5] == "3"
        megaco.termid[5] == "4"



BR/Emanuel



________________________________

From: wireshark-users-bounces () wireshark org [wireshark-users-bounces () wireshark org] on behalf of George [hgsal () yahoo gr]
Sent: Thursday, October 13, 2011 2:32 PM
To: Community support list for Wireshark
Subject: [Wireshark-users] Re: wireshark display filters: display range of termination ids in one command

Hi Manoli,

Just a hint from my side, if you want to try with this.
In http://wiki.wireshark.org/CaptureFilters I have found the following filter:

(tcp[0:2] > 1500 and tcp[0:2] < 1550)

I have tried this, but it is not clear to me which values are acceptable after tcp[0:2] >.
As 0:2 are the bytes for source and dest ports, in my try source was 2&3 and dest 3&4.

Regards,
George

________________________________
From: Manolis Katsidoniotis <manoska () gmail com>
To: Community support list for Wireshark <wireshark-users () wireshark org>
Sent: 1:48 PM Thursday, 13 October 2011
Subject: Re: [Wireshark-users] wireshark display filters: display range of termination ids in one command

thanks Martin

yes that's true
I put this more like an example of what I want to do
(of course I tried it since you never know how smart a filter is)

I saw some expressions of type
h248.termList

but I am not aware of exactly how to use them.

Has anyone ever used them before?

thanks
Manolis


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
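
An added example, not part of the original thread: it checks what a string-slice comparison such as `megaco.termid[5:] gt "0" && megaco.termid[5:] lt "41"` selects compared with a numeric range check. It assumes the comparison is byte-wise lexicographic and that the intended range is port_1 to port_40; the function names and sample IDs are constructed for illustration.

```python
import re

PREFIX_LEN = 5  # len("port_"), the offset used in megaco.termid[5:]

def slice_filter(termid, lo="0", hi="41"):
    """Emulate: termid[5:] gt lo && termid[5:] lt hi.
    ASSUMPTION: the two sides are compared byte by byte (lexicographically)."""
    tail = termid.encode()[PREFIX_LEN:]
    return lo.encode() < tail < hi.encode()

def numeric_filter(termid, lo=1, hi=40):
    """Reference: treat the characters after "port_" as a decimal number."""
    tail = termid[PREFIX_LEN:]
    return tail.isdigit() and lo <= int(tail) <= hi

# Anchored pattern for 1..40 without leading zeros. The same pattern could be
# used in a display filter with the "matches" operator, e.g.
#   megaco.termid matches "^port_([1-9]|[1-3][0-9]|40)$"
RANGE_RE = re.compile(r"^port_([1-9]|[1-3][0-9]|40)$")

def regex_filter(termid):
    """True when the whole termination ID is port_1 .. port_40."""
    return RANGE_RE.search(termid) is not None

def compare(termids):
    """Return (missed, extra): IDs the slice filter drops although they are in
    range, and IDs it selects although they are out of range."""
    missed = [t for t in termids if numeric_filter(t) and not slice_filter(t)]
    extra = [t for t in termids if slice_filter(t) and not numeric_filter(t)]
    return missed, extra

# Constructed sample termination IDs (not taken from a real capture).
SAMPLE = [f"port_{n}" for n in range(0, 46)] + ["port_100", "port_400"]

if __name__ == "__main__":
    missed, extra = compare(SAMPLE)
    print("in range but not selected:", missed)
    print("selected but out of range:", extra)
    print("regex agrees with numeric check:",
          all(regex_filter(t) == numeric_filter(t) for t in SAMPLE))
```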


