Wireshark mailing list archives
Re: Defining global filters?
From: "Kukosa, Tomas" <tomas.kukosa () unify com>
Date: Tue, 19 Aug 2014 06:20:17 +0000
Hi Anders, just one idea, what about introducing some "fields nicknames" configuration file instead of creating hardcoded global_filters.[ch]: --- fields_nicknames.txt --- gtp.imsi xgtp.imsi gtpv2.imsi xgtp.imsi --- It would allow users to define also own nicknames. Best regards, Tomas From: wireshark-dev-bounces () wireshark org [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of Anders Broman Sent: Monday, August 18, 2014 15:46 To: wireshark-dev () wireshark org Subject: [Wireshark-dev] Defining global filters? Hi, How to define filters and display the data of fields that may occur in multiple protocols? One example is IMSI ( International Mobile Subscriber identity) that exists in multiple 3GPP and 3GPP2 protocols, following a call flow through the system it could be interesting to filter on IMSI across multiple protocols to build a filter covering all messages in the call flow. Suggestion: Create global_filters.[ch] in epan/dissectors or (packet-global_filters?) define functions to parse the data there and/or export the hf Variable to be used in the protocol dissectors.
From GTPv2 current:
: International Mobile Subscriber Identity (IMSI) : 262021030000050 IE Type: International Mobile Subscriber Identity (IMSI) (1) IE Length: 8 0000 .... = CR flag: 0 .... 0000 = Instance: 0 IMSI(International Mobile Subscriber Identity number): 262021030000050 : New International Mobile Subscriber Identity (IMSI) : 262021030000050 IE Type: International Mobile Subscriber Identity (IMSI) (1) IE Length: 8 0000 .... = CR flag: 0 .... 0000 = Instance: 0 IMSI(International Mobile Subscriber Identity number): 262021030000050 [Global filter IMSI : 262021030000050] Comments? Regards Anders ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Defining global filters? Anders Broman (Aug 18)
- Re: Defining global filters? Michal Orynicz (Aug 18)
- Re: Defining global filters? mmann78 (Aug 18)
- Re: Defining global filters? Jeff Morriss (Aug 18)
- Re: Defining global filters? Anders Broman (Aug 19)
- Re: Defining global filters? Jeff Morriss (Aug 21)
- Re: Defining global filters? Anders Broman (Aug 19)
- Re: Defining global filters? Kukosa, Tomas (Aug 18)
- Re: Defining global filters? Anders Broman (Aug 19)