Wireshark · Wireshark-dev: [Wireshark-dev] Defining global filters?

Wireshark-dev: [Wireshark-dev] Defining global filters?

From: Anders Broman <anders.broman@xxxxxxxxxxxx>

Date: Mon, 18 Aug 2014 13:46:28 +0000

Hi,

How to define filters and display the data of fields that may occur in multiple protocols? One example is IMSI ( International Mobile Subscriber identity) that exists in multiple 3GPP and 3GPP2 protocols, following a call flow through the system it could be interesting to filter on

IMSI across multiple protocols to build a filter covering all messages in the call flow.

Suggestion:

Create global_filters.[ch] in epan/dissectors or (packet-global_filters?) define functions to parse the data there and/or export the hf

Variable to be used in the protocol dissectors.

From GTPv2 current:

International Mobile Subscriber Identity (IMSI) : 262021030000050

IE Type: International Mobile Subscriber Identity (IMSI) (1)

IE Length: 8

0000 .... = CR flag: 0

.... 0000 = Instance: 0

IMSI(International Mobile Subscriber Identity number): 262021030000050

New

International Mobile Subscriber Identity (IMSI) : 262021030000050

IE Type: International Mobile Subscriber Identity (IMSI) (1)

IE Length: 8

0000 .... = CR flag: 0

.... 0000 = Instance: 0

IMSI(International Mobile Subscriber Identity number): 262021030000050

[Global filter IMSI : 262021030000050]

Comments?

Regards

Anders

Follow-Ups:
- Re: [Wireshark-dev] Defining global filters?
  - From: Michal Orynicz
- Re: [Wireshark-dev] Defining global filters?
  - From: mmann78
- Re: [Wireshark-dev] Defining global filters?
  - From: Jeff Morriss
- Re: [Wireshark-dev] Defining global filters?
  - From: Kukosa, Tomas

Prev by Date: [Wireshark-dev] Petri-dish Ubuntu build failing
Next by Date: Re: [Wireshark-dev] Defining global filters?
Previous by thread: [Wireshark-dev] Petri-dish Ubuntu build failing
Next by thread: Re: [Wireshark-dev] Defining global filters?
Index(es):
- Date
- Thread