Wireshark-users: Re: [Wireshark-users] [Fwd: Wireshark to K12 comparison]

From: "Luis EG Ontanon" <luis.ontanon@xxxxxxxxx>
Date: Wed, 3 Oct 2007 20:21:24 +0200

> Additional questions  :
> - I don't succeed to build a  filter to isolate a complete TCAP transaction based on "Original transcation id"  and "Destination transaction id" parameters ==> very, very, very helpfull to  retrieve among several records one GSM MAP procedure (i.e. a complete "Update  Location" with its "Insert Subscriber Data" messages)  + the same  request for a SCCP connected oriented procedure base on "SCFid" (i.e. to follow  a complete BSSMAP call establishment from the Connection Request to the  Connection Release) : is it possible ? or do we have to imagine a macro  mechanism ?

For SCCP I added connection oriented tracing a while ago (0.99.6 has it),

Go to Preferences->Protocols->SCCP and set "Trace Associations", this
creates a tree with information about all messages in a given
connection. (sccp.assoc.id is a generated successive id for each
connection).

It is in my plans, to add the same capability to TCAP (not soon).

Another missing feature is filter fields to get all messages from all
connections given
a given IMSI or some other useful identifiers.

Which other Identifiers you think would be useful?

Luis