Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-dev: Re: [Wireshark-dev] Defining global filters?

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Anders Broman <anders.broman@xxxxxxxxxxxx>
Date: Tue, 19 Aug 2014 08:29:43 +0000

-----Original Message-----
>From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Kukosa, Tomas
>Sent: den 19 augusti 2014 08:20
>To: Developer support list for Wireshark
>Subject: Re: [Wireshark-dev] Defining global filters?
>
>Hi Anders,
>
>just one idea, what about introducing some "fields nicknames" configuration file instead of creating hardcoded global_filters.[ch]:
>--- fields_nicknames.txt ---
>gtp.imsi xgtp.imsi
>gtpv2.imsi xgtp.imsi
>---
>
>It would allow users to define also own nicknames.
>
>Best regards,
>  Tomas

Interesting concept, I'm not sure how that should be implemented though.
Regards
Anders

From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Anders Broman
Sent: Monday, August 18, 2014 15:46
To: wireshark-dev@xxxxxxxxxxxxx
Subject: [Wireshark-dev] Defining global filters?

Hi,
How to define filters and display the data of fields that may occur in multiple protocols? One example is IMSI ( International Mobile Subscriber identity) that exists in multiple 3GPP and 3GPP2 protocols, following a call flow through the system it could be interesting to filter on IMSI across multiple protocols to build a filter covering all messages in the call flow.

Suggestion:

Create global_filters.[ch] in epan/dissectors or (packet-global_filters?) define functions to parse the data there and/or export the hf Variable to be used in the protocol dissectors.

>From GTPv2 current:
:
International Mobile Subscriber Identity (IMSI) : 262021030000050 IE Type: International Mobile Subscriber Identity (IMSI) (1) IE Length: 8
0000 .... = CR flag: 0
.... 0000 = Instance: 0
IMSI(International Mobile Subscriber Identity number): 262021030000050
:

New
International Mobile Subscriber Identity (IMSI) : 262021030000050 IE Type: International Mobile Subscriber Identity (IMSI) (1) IE Length: 8
0000 .... = CR flag: 0
.... 0000 = Instance: 0
IMSI(International Mobile Subscriber Identity number): 262021030000050 [Global filter IMSI : 262021030000050]

Comments?

Regards
Anders

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube