Hello list,
I would like to save data packets of a specific protocol layer in
real time to files.
I thought using tethereal with the -V and -x options would permit
another program to filter its output but the output is different in
the case of a fragmented packet and in the case of a single
non-fragmented packet.
To give a precise example, my protocol stack is something like
(parentheses show the type of the packets I'm interested in):
MMSE (m-send-req)
WSP (post)
WTP
UDP
IP
Sometimes, the WSP packet is too big to fit in a single WTP packet,
so the WTP dissector reassembles the WTP and it's dissected by the WSP
dissector. In tethereal's output, this gives:
Frame xx
<hex data>
MMSE
type m-send-req
...
WSP
url
...
*Reassembled WTP:*
hex data
I'm interested in the Reassembled WTP part, however I'd like to get
this dump for all WSP packets, also for those that fit in a single WTP
packet.
Is this possible in a way with current (t)ethereal?
If not, is it something someone could be interested in - besides me -
(read: should it be ugly hacked or nicely coded for all protocols)?
Another problem I get is that I'd like to limit the output of tethereal
with m-send-req's to a customizable address. It's easy to achieve with
a read filter like « mmse.to eq \"john.doe@domain\" », but this seems
only possible when using capture files instead of real time listening.
Any thoughts appreciated,
Best regards,
--
Loïc Minier <lool@xxxxxxxx>