Filtering on fields in tunnel headers

[Martin Isaksson <martin.isaksson () ericsson com>]

Hi all!

If I have a packet with protocols like eth:vlan:ip:udp:gtp:ip:tcp, is there a way to filter in one of the IP headers 
only?
I know I can do frame[22:2] == D4:DD (here IP ID of first IP header), but it's not very dynamic, so if for some reason 
the bytes are in different places, this would fail.

Another work-around I've tried is to list one of the IP IDs with tshark and grep.

Thanks,
Martin


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe