Wireshark-dev: Re: [Wireshark-dev] Implementation of Morphing Display filters on the fly ....
From: "Purandhar Krishnamurthy" <purandhar.krishnamurthy@xxxxxxxxxxxxxxxxxxxx>
Date: Fri, 1 Jun 2007 09:09:57 -0400 (EDT)
Hello Luis Ontanon,

Thanks for the Link that you've sent. It was of great help.

Thanks,
Purandhar

> http://wiki.wireshark.org/Mate/Examples#head-024177fe669649345cc7c67b8eb227243d94c764
>
>
> On 5/31/07, Purandhar Krishnamurthy
> <purandhar.krishnamurthy@xxxxxxxxxxxxxxxxxxxx> wrote:
>> Hello,
>>
>>   I would like to create a conditional display filter.  When a filter
>> criteria is hit on one protocol I would like to change the display
>> filter so that it includes an OR'd reference to another protocol.
>>
>>
>> How can I update the wireshark code to modify a display filter on the
>> fly ?
>>
>> Problem Summary
>> ===============
>>
>> We are analysing packes for UMTS.
>>
>> First we are filtering based on IMSI/Subscriber identity.
>>
>> For example
>> Filter String - "radius._IMSI == 999999999998001"
>>
>> While we analyse/dissect packets, we update the filter string with
>> ip.addr
>> (Framed IP address, which we are getting in the Layer1 of Protocol as an
>> Attribute Value Pair)
>>
>> Updated filter string on the fly is :
>>
>>      "radius._IMSI == 999999999998001 || ip.addr == 10.166.104.151"
>>
>> Then we get list of packets, send and received by that subscriber.
>>
>> Then we apply another filter to get information for a particular PDP
>> context.
>>
>> Filter String - "radius._IMSI == 999999999998001 || ip.addr ==
>> 10.166.104.151"
>>
>> But we are not getting filtered list of packets. We are again getting
>> other packets for which IP Address doesn't matches also.
>>
>> Can anybody assist us,
>>
>> Thanks in advance,
>> Purandhar/Bhowmick
>>
>>
>> _______________________________________________
>> Wireshark-dev mailing list
>> Wireshark-dev@xxxxxxxxxxxxx
>> http://www.wireshark.org/mailman/listinfo/wireshark-dev
>>
>
>
> --
> This information is top security. When you have read it, destroy yourself.
> -- Marshall McLuhan
> _______________________________________________
> Wireshark-dev mailing list
> Wireshark-dev@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-dev
>