On Thu, Oct 14, 2010 at 03:47:43PM +0200, Alexander 'Leo' Bergolth wrote:
> Is there a way to display the text representation of an ldap
> search-filter using tshark?
>
> I tried -e ldap.filter but this is only a 32 bit filter element (only
> the first filter element). Is there another display filter or a
> function that displays a human readable version of the whole
> search-filter?
The source code has a list of possible values for the ldap.filter
number:
{ 0, "and" },
{ 1, "or" },
{ 2, "not" },
{ 3, "equalityMatch" },
{ 4, "substrings" },
{ 5, "greaterOrEqual" },
{ 6, "lessOrEqual" },
{ 7, "present" },
{ 8, "approxMatch" },
{ 9, "extensibleMatch" },
Are these values you're trying to display? I don't think it's possible
in tshark right now, although I thought I saw a request for that and
possibly even work toward it not too long ago. Wireshark displays
those text strings in the custom columns now.
