Wireshark mailing list archives
Re: [Wireshark-users] Re: wireshark display filters: display range of termination ids in one command
From: Manolis Katsidoniotis <manoska () gmail com>
Date: Fri, 14 Oct 2011 18:53:58 +0300
Hello George and Emanuel

It worked !!!!!

I have 760 ports.
From port_1 to port_760.
With the below filter, I can now see them in groups of 40 :)))))) with the SIP traffic that is generated on the other side.

    ( ip.addr==10.85.227.168 && ( (megaco.termid[5:] gt "0") && (megaco.termid[5:] lt "41") ) ) || (sip contains 46710020000)

Many thanks George and Emanuel !!!!!!!!!!!!
This is really very big help !!!!!!!!!!!!!!!!

Manolis

2011/10/13 Emanuel Fleishman <Emanuel.Fleishman () celtro com>

Just following on George's proposal, could you please try the following expression WRT the megaco.termid range:

    megaco.termid[5:] gt "0" && megaco.termid[5:] lt "41"

according to http://www.wireshark.org/docs/man-pages/wireshark-filter.html notation

    [i:] start_offset = i, end_offset = end_of_field

e.g. megaco.termid[5:] is expected to select substrings starting from the 6th character in "port_XYZ"

If this doesn't work, could you please try a more verbose approach:

    megaco.termid[6] == 0 // indicates string of length 6 such as "port_X"
or
    megaco.termid[7] == 0 // indicates string of length 6 such as "port_XY"

and one of the following

    megaco.termid[5] == "1" // selects strings with pattern "xxxxx1x" in particular "port_1x"
    megaco.termid[5] == "2"
    megaco.termid[5] == "3"
    megaco.termid[5] == "4"

BR/Emanuel

------------------------------
From: wireshark-users-bounces () wireshark org [wireshark-users-bounces () wireshark org] on behalf of George [hgsal () yahoo gr]
Sent: Thursday, October 13, 2011 2:32 PM
To: Community support list for Wireshark
Subject: [Wireshark-users] Re: wireshark display filters: display range of termination ids in one command

Hi Manoli,

Just a hint from my side, if you want to try with this.
In http://wiki.wireshark.org/CaptureFilters I have found the following filter:

    (tcp[0:2] > 1500 and tcp[0:2] < 1550)

I have tried this but it is not clear to me which values are acceptable after tcp[0:2] >. As 0:2 are the bytes for source and dest ports, in my try source was 2&3 and dest 3&4.

Regards,
George

------------------------------
From: Manolis Katsidoniotis <manoska () gmail com>
To: Community support list for Wireshark <wireshark-users () wireshark org>
Sent: 1:48 PM Thursday, 13 October 2011
Subject: Re: [Wireshark-users] wireshark display filters: display range of termination ids in one command

thanks Martin

yes that's true
I put this more like an example of what I want to do (of course I tried it since you never know how smart a filter is)

I saw some expressions of type h248.termList but am not aware of exactly how to use them.
Anyone who has ever used them before?

thanks
Manolis

___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users () wireshark org>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request () wireshark org?subject=unsubscribe
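Added example, not part of the original thread: the filter above compares the digits after "port_" as strings, and the thread does not say how a sliced string of a different length is ordered against the bound. The Python sketch below runs the thread's bounds over a constructed list of the 760 IDs under two possible orderings and compares each with the intended numeric range, so a filter of this form can be checked against known IDs before a capture is triaged with it. All function names are hypothetical.

```python
# Constructed sample: the 760 termination IDs described in the post.
TERM_IDS = [f"port_{n}" for n in range(1, 761)]

def suffix(term_id):
    """Bytes from offset 5 to the end, i.e. what megaco.termid[5:] selects."""
    return term_id.encode("ascii")[5:]

def numeric_match(term_id, low, high):
    """Intended meaning: low < N < high, compared as integers."""
    return low < int(suffix(term_id)) < high

def lexicographic_match(term_id, low, high):
    """Plain byte-by-byte ordering (what memcmp-style comparison gives)."""
    return str(low).encode() < suffix(term_id) < str(high).encode()

def _length_first(value):
    # Assumption for this model: a shorter value always sorts first.
    return (len(value), value)

def length_first_match(term_id, low, high):
    """Shorter value sorts first; equal lengths compare byte by byte."""
    lo = _length_first(str(low).encode())
    hi = _length_first(str(high).encode())
    return lo < _length_first(suffix(term_id)) < hi

def selected(match, low, high):
    """IDs from the sample that a given ordering would let through."""
    return [t for t in TERM_IDS if match(t, low, high)]

def group_filter(group, size=40):
    """Filter text for the group-th block of `size` ports, in the thread's form."""
    low, high = (group - 1) * size, group * size + 1
    return f'(megaco.termid[5:] gt "{low}") && (megaco.termid[5:] lt "{high}")'

if __name__ == "__main__":
    wanted = selected(numeric_match, 0, 41)
    for name, fn in (("lexicographic", lexicographic_match),
                     ("length-first", length_first_match)):
        got = selected(fn, 0, 41)
        extra = sorted(set(got) - set(wanted))
        print(f"{name}: {len(got)} selected, {len(extra)} outside port_1..port_40")
    print(group_filter(2))
```

If the count seen in Wireshark for one group is not 40, the ordering in use is not the numeric one and the per-character form from Emanuel's reply is the safer filter.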
Current thread:
- wireshark display filters: display range of termination ids in one command Manolis Katsidoniotis (Oct 13)
- Re: wireshark display filters: display range of termination ids in one command Martin Mathieson (Oct 13)
- Re: wireshark display filters: display range of termination ids in one command Martin Mathieson (Oct 13)
- Re: wireshark display filters: display range of termination ids in one command Manolis Katsidoniotis (Oct 13)
- Re: wireshark display filters: display range of termination ids in one command George (Oct 13)
- Re: [Wireshark-users] Re: wireshark display filters: display range of termination ids in one command Emanuel Fleishman (Oct 13)
- Re: [Wireshark-users] Re: wireshark display filters: display range of termination ids in one command Manolis Katsidoniotis (Oct 14)
- Re: wireshark display filters: display range of termination ids in one command Martin Mathieson (Oct 13)
- Re: wireshark display filters: display range of termination ids in one command Martin Mathieson (Oct 13)
- Re: wireshark display filters: display range of termination ids in one command Manolis Katsidoniotis (Oct 14)
- Re: wireshark display filters: display range of termination ids in one command Guy Harris (Oct 14)
- Re: wireshark display filters: display range of termination ids in one command Manolis Katsidoniotis (Oct 14)