Wireshark-bugs: [Wireshark-bugs] [Bug 1933] New: Unable to use fields as filter under NSIP proto

Date: Tue, 23 Oct 2007 06:37:49 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1933

           Summary: Unable to use fields as filter under NSIP protocols
           Product: Wireshark
           Version: 0.99.6
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: Major
          Priority: Medium
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: veli-matti.truhponen@xxxxxxxxx


Build Information:
wireshark 0.99.6a (SVN Rev 22276)

Copyright 1998-2007 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.10.12, with GLib 2.12.12, with WinPcap (version unknown),
with libz 1.2.3, with libpcre 6.4, with Net-SNMP 5.4, with ADNS, with Lua 5.1,
with GnuTLS 1.6.1, with Gcrypt 1.2.3, with MIT Kerberos, with PortAudio
PortAudio V19-devel, with AirPcap.

Running on Windows XP Service Pack 2, build 2600, with WinPcap version 4.0.1
(packet.dll version 4.0.0.901), based on libpcap version 0.9.5, without
AirPcap.


Built using Microsoft Visual C++ 6.0 build 8804


Press any key to exit

--
When checking a Gb over IP trace, I need to first use Decode As NSIP to get
Wireshark to show the Gb signalling.

After that, when I try to set the filter with most fields on the BSSGP layer (e.g.
using right-click and "prepare filter...selected"), I get definitely wrong
filters. I've tried to manually create those filters as well and they don't
work. However, at least bssgp.tmsi_ptmsi and bssgp.pdu_type work.

Here are some examples which don't work properly:

Should be                       prepare filter...selected
bssgb.tlli                      bssgp.ie_type == 0x1f
bssgp.imsi                      bssgp.ie_type == 0x0d

And so on. As there are further protocols inside BSSGP-frames, it seems that I
can't use their fields as a filter either.

When I need to check any Gb over IP-traces, these identifiers are most useful
for me:

tlli (and tmsi, ptmsi and any equivalent to them; as mobile identity or
allocated p-tmsi or tlli)
P-TMSI signature
imsi
imei (and imeisv)
ipv4_address
cell, RAC, LAC, MNC, MCC (any location information)

Protocols that I need to have those fields as a filter:
BSSGP
LLC
GSM_BSSMAP

There are lots of other fields that I could use and other protocols that I may
need in the future, but those are my current needs.

