Wireshark-dev: Re: [Wireshark-dev] Implementation of Morphing Display filters on the fly ....
From: "Luis Ontanon" <luis.ontanon@xxxxxxxxx>
Date: Thu, 31 May 2007 20:23:11 +0200
http://wiki.wireshark.org/Mate/Examples#head-024177fe669649345cc7c67b8eb227243d94c764


On 5/31/07, Purandhar Krishnamurthy
<purandhar.krishnamurthy@xxxxxxxxxxxxxxxxxxxx> wrote:
Hello,

  I would like to create a conditional display filter.  When a filter
criterion is hit on one protocol I would like to change the display
filter so that it includes an OR'd reference to another protocol.


How can I update the Wireshark code to modify a display filter on the fly?

Problem Summary
===============

We are analysing packets for UMTS.

First we are filtering based on IMSI/Subscriber identity.

For example
Filter String - "radius._IMSI == 999999999998001"

While we analyse/dissect packets, we update the filter string with ip.addr
(Framed IP address, which we are getting in the Layer1 of Protocol as an
Attribute Value Pair)

Updated filter string on the fly is :

     "radius._IMSI == 999999999998001 || ip.addr == 10.166.104.151"

Then we get list of packets, send and received by that subscriber.

Then we apply another filter to get information for a particular PDP context.

Filter String - "radius._IMSI == 999999999998001 || ip.addr == 10.166.104.151"

But we are not getting the filtered list of packets. We are again getting
other packets for which the IP address doesn't match as well.

Can anybody assist us?

Thanks in advance,
Purandhar/Bhowmick





--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan
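
Added example, not part of the original posts and not Wireshark or MATE code: a two-pass correlation of the kind the question describes, where pass 1 learns the Framed-IP bound to the IMSI and pass 2 selects the subscriber's packets and builds the OR'd filter. The record layout, the function names and the use of accounting Start/Stop to delimit the IP binding are assumptions; the sample records are constructed.

```python
# Constructed sample records standing in for dissected packets (not a real capture).
# "t" is seconds since capture start; RADIUS records carry the IMSI and Framed-IP AVP.
PACKETS = [
    {"t": 1.0, "proto": "radius", "imsi": "999999999998001", "acct": "Start", "framed_ip": "10.166.104.151"},
    {"t": 2.0, "proto": "ip", "src": "10.166.104.151", "dst": "192.0.2.10"},
    {"t": 3.0, "proto": "ip", "src": "10.166.104.77", "dst": "192.0.2.10"},
    {"t": 4.0, "proto": "radius", "imsi": "999999999998001", "acct": "Stop", "framed_ip": "10.166.104.151"},
    {"t": 5.0, "proto": "radius", "imsi": "999999999998002", "acct": "Start", "framed_ip": "10.166.104.151"},
    {"t": 6.0, "proto": "ip", "src": "192.0.2.10", "dst": "10.166.104.151"},
]

def bindings(packets, imsi):
    """Pass 1: return [ip, start, stop] windows during which the IMSI held each Framed-IP."""
    windows = []
    for p in packets:
        if p["proto"] != "radius" or p["imsi"] != imsi:
            continue
        if p["acct"] == "Start":
            windows.append([p["framed_ip"], p["t"], None])  # stop not seen yet
        elif p["acct"] == "Stop":
            for w in windows:
                if w[0] == p["framed_ip"] and w[2] is None:
                    w[2] = p["t"]  # close the open window for this address
                    break
    return windows

def select(packets, imsi):
    """Pass 2: indices of the RADIUS and IP packets that belong to the subscriber."""
    windows = bindings(packets, imsi)
    hits = []
    for i, p in enumerate(packets):
        if p["proto"] == "radius":
            if p["imsi"] == imsi:
                hits.append(i)
        elif any(ip in (p["src"], p["dst"]) and start <= p["t"] and (stop is None or p["t"] <= stop)
                 for ip, start, stop in windows):
            hits.append(i)
    return hits

def display_filter(imsi, windows):
    """Build the OR'd filter, limiting each ip.addr term to the time the binding was valid."""
    terms = [f"radius._IMSI == {imsi}"]
    for ip, start, stop in windows:
        term = f"ip.addr == {ip} && frame.time_relative >= {start}"
        if stop is not None:
            term += f" && frame.time_relative <= {stop}"
        terms.append(f"({term})")
    return " || ".join(terms)
```

In the constructed data the same address is handed to a second IMSI after the Stop, so a bare ip.addr term would also match the packet at t=6.0; the time-bounded term does not.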