Wireshark · Wireshark-dev: Re: [Wireshark-dev] tshark problem with grouped AVP:s?

Wireshark-dev: Re: [Wireshark-dev] tshark problem with grouped AVP:s?

From: Jeff Morriss <jeff.morriss.ws@xxxxxxxxx>

Date: Thu, 14 Nov 2013 16:39:37 -0500

On 11/14/13 11:14, Anders Broman wrote:

Hi,

The following tshark parameters ï¿½ -Y diameter -z
proto,colinfo,diameter.Experimental-Result-Code,diameter.Experimental-Result-Codeï¿½
yields no result where as

-Y diameter -z proto,colinfo,diameter.Result-Code,diameter.Result-Code

Does the only difference seems to be that the first one is grouped.
Looking at the code I canï¿½t see why it shouldnï¿½t work ï¿½ ideas?

After a bit of digging I can find that I can fix the problem bycommenting out the (Vendor=ETSI) Experimental-Result-Code AVP from

diameter/etsie2e4.xml .

I suppose (but I'm out of time to check now) that the problem is thatwe're getting 2 hf's with the same abbreviation and the "filter" portionof that command is picking the 2nd but the "field" portion is choosingthe 1st. Or something like that?

Follow-Ups:
- Re: [Wireshark-dev] tshark problem with grouped AVP:s?
  - From: Anders Broman

References:
- [Wireshark-dev] tshark problem with grouped AVP:s?
  - From: Anders Broman

Prev by Date: Re: [Wireshark-dev] tshark problem with grouped AVP:s?
Next by Date: Re: [Wireshark-dev] tshark problem with grouped AVP:s?
Previous by thread: Re: [Wireshark-dev] tshark problem with grouped AVP:s?
Next by thread: Re: [Wireshark-dev] tshark problem with grouped AVP:s?
Index(es):
- Date
- Thread