Wireshark-bugs: [Wireshark-bugs] [Bug 4560] New: New feature: extract specified diameter AVPs fr
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4560
Summary: New feature: extract specified diameter AVPs from large capture files
Product: Wireshark
Version: SVN
Platform: All
OS/Version: All
Status: NEW
Severity: Normal
Priority: Low
Component: TShark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: andrejk@xxxxxxxxxx
Created an attachment (id=4371)
--> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=4371)
patch: New feature: extract specified diameter AVPs from large capture files
Build Information:
TShark 1.3.4 (SVN Rev 32126 from /trunk)
Copyright 1998-2010 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled with GLib 2.22.4, with libpcap 1.0.0, with libz 1.2.3, without POSIX
capabilities, without libpcre, without SMI, without c-ares, without ADNS, with
Lua 5.1, without Python, with GnuTLS 2.8.5, with Gcrypt 1.4.4, with MIT
Kerberos, without GeoIP.
Running on Linux 2.6.31.12-174.2.22.fc12.i686, with libpcap version 1.0.0,
GnuTLS 2.8.5, Gcrypt 1.4.4.
Built using gcc 4.4.3 20100127 (Red Hat 4.4.3-4).
--
New feature: extract specified diameter AVPs from large capture files
Reason for new feature:
Extraction of specified diameter AVPs from large capture files is nearly
impossible in the current version:
- extraction using -T text, -T pdml options is extremely slow
- extraction using -T field and -z proto,colinfo is very limited for diameter-AVP
Description:
New option is -z diameter,avp[list of diameter fields].
* This TAP enables extraction of most important diameter fields in text format.
* - much better performance than -T text and -T pdml
* - more powerful than -T field and -z proto,colinfo
* - exactly one text line per diameter message
* - multiple diameter messages in one frame supported
* E.g. one device watchdog answer and two credit control answers
* in one TCP packet produces 3 text lines.
* - several fields with same name within one diameter message supported
* E.g. Multiple AVP(444) Subscription-Id-Data once with IMSI once with MSISDN
* - several grouped AVPs supported
* E.g. Zero or more Multiple-Services-Credit-Control AVPs(456)
Usage examples:
tshark -r diameter.cap -z diameter,avp
tshark -r diameter.cap -z diameter,avp,CC-Request-Number,Rating-Group,Result-Code
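An added illustration, not the attached patch and not Wireshark code, of the output shape the report describes: one text line per Diameter message, several messages in one TCP payload, and repeated or grouped AVPs kept. The function names, the `cmd=` / `name=value` line format and the sample bytes are assumptions made here; the AVP codes are from RFC 6733 and RFC 4006, and TCP reassembly is assumed to be done already.

```python
import struct

U32_AVPS = {268: "Result-Code", 415: "CC-Request-Number", 432: "Rating-Group"}
GROUPED = {456}  # Multiple-Services-Credit-Control (codes: RFC 6733 / RFC 4006)

def walk_avps(buf):
    """Yield (name, value) for each known AVP, descending into grouped AVPs."""
    off = 0
    while off < len(buf):
        if len(buf) - off < 8:
            raise ValueError("truncated AVP header")
        code, flags_len = struct.unpack_from("!II", buf, off)
        length = flags_len & 0xFFFFFF
        hdr = 12 if flags_len >> 31 else 8     # V bit adds a 4-byte Vendor-Id
        if length < hdr or off + length > len(buf):   # also stops length-0 loops
            raise ValueError(f"bad AVP length {length} at offset {off}")
        data = buf[off + hdr:off + length]
        if hdr == 8 and code in GROUPED:
            yield from walk_avps(data)
        elif hdr == 8 and code in U32_AVPS and len(data) == 4:
            yield U32_AVPS[code], struct.unpack("!I", data)[0]
        off += (length + 3) & ~3               # AVPs are padded to 4 bytes

def extract(payload, fields):
    """Return one text line per Diameter message found in one TCP payload."""
    lines, off = [], 0
    while off < len(payload):
        if len(payload) - off < 20:
            raise ValueError("truncated Diameter header")
        ver_len, flags_cmd = struct.unpack_from("!II", payload, off)
        mlen = ver_len & 0xFFFFFF
        if ver_len >> 24 != 1 or mlen < 20 or off + mlen > len(payload):
            raise ValueError(f"bad Diameter header at offset {off}")
        avps = walk_avps(payload[off + 20:off + mlen])
        hits = [f"{name}={val}" for name, val in avps if name in fields]
        lines.append(" ".join([f"cmd={flags_cmd & 0xFFFFFF}"] + hits))
        off += mlen
    return lines

# Constructed sample: one TCP payload carrying a watchdog answer and two CCAs.
def avp(code, val):
    data = val if isinstance(val, bytes) else struct.pack("!I", val)
    return struct.pack("!II", code, (0x40 << 24) | (8 + len(data))) + data
def msg(cmd, body):
    return struct.pack("!IIIII", (1 << 24) | (20 + len(body)), cmd, 0, 1, 1) + body

SAMPLE = (msg(280, avp(268, 2001)) + msg(272, avp(415, 1) + avp(268, 2001))
          + msg(272, avp(415, 2) + avp(456, avp(432, 10) + avp(268, 2001))
                + avp(456, avp(432, 20) + avp(268, 4012))))
```

Calling `extract(SAMPLE, {"CC-Request-Number", "Rating-Group", "Result-Code"})` returns three lines, and every length field is checked against the buffer before it is used, so a malformed capture raises `ValueError` instead of looping or reading past the message.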