Wireshark-dev: Re: [Wireshark-dev] Defining global filters?

Date: Mon, 18 Aug 2014 14:23:47 -0400 (EDT)
Is the list of protocols that IMSI goes across finite?  Don't you really just want a "Conversation filter" that would be generated to include all the necessary protocols?  The registering dissector has control over how the filter is constructed.  Perhaps modify "Conversation filter menu item" to have 1-many relationship instead of current 1-1 if the necessary "dissector/filter data" can't otherwise be centrally handled?
 
-----Original Message-----
From: Anders Broman <anders.broman@xxxxxxxxxxxx>
To: wireshark-dev <wireshark-dev@xxxxxxxxxxxxx>
Sent: Mon, Aug 18, 2014 9:48 am
Subject: [Wireshark-dev] Defining global filters?

Hi,
How to define filters and display the data of fields that may occur in multiple protocols? One example is IMSI (International Mobile Subscriber Identity), which exists in multiple 3GPP and 3GPP2 protocols; following a call flow through the system, it could be interesting to filter on IMSI across multiple protocols to build a filter covering all messages in the call flow.
 
Suggestion:
 
Create global_filters.[ch] in epan/dissectors or (packet-global_filters?) define functions to parse the data there and/or export the hf variable to be used in the protocol dissectors.
 
From GTPv2 current:
:
International Mobile Subscriber Identity (IMSI) : 262021030000050
IE Type: International Mobile Subscriber Identity (IMSI) (1)
IE Length: 8
0000 .... = CR flag: 0
.... 0000 = Instance: 0
IMSI(International Mobile Subscriber Identity number): 262021030000050
:
 
New
International Mobile Subscriber Identity (IMSI) : 262021030000050
IE Type: International Mobile Subscriber Identity (IMSI) (1)
IE Length: 8
0000 .... = CR flag: 0
.... 0000 = Instance: 0
IMSI(International Mobile Subscriber Identity number): 262021030000050
[Global filter IMSI : 262021030000050]
 
Comments?
 
Regards
Anders
 