Wireshark-dev: Re: [Wireshark-dev] Generation of display filter based on a field in the pcap

From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Sat, 05 Jun 2010 12:25:55 +0200
On 06/05/2010 11:37 AM, Rohit Mediratta wrote:
Hi,
I am trying to generate a display filter which is based on the value
of a TLV within the pcap.
Let me provide an example of a display filter I am trying to generate in
the pcap that I have.

1. Packet A has a TLV with value1 and another TLV with value2.
2. Packet B has a TLV with value2 and a TLV with value3.
3. Packet C has a TLV with value3.
4. Packet D has a TLV with value2.

I'd like my display filter to be
"special_display_filter == value1"
When I apply this filter, I'd like all 4 packets to be displayed.

This is, of course, my view of how I can achieve this. If there is
another methodology to achieve my aim of displaying all packets related
to Packet A, then please enlighten me.


My final goal is to update the flow_graph to view all 4 packets, when I
select "packet flow for any packets related to Packet A". If someone can
provide any pointers/hints that would be useful.

thanks in advance,
Rohit


Hi,

What's the relation between packet A, B, C and D? How do you identify this relation from the packets? Your display filter now will only match packet A.

Thanks,
Jaap