Wireshark-dev: Re: [Wireshark-dev] Conversation filters
From: "Kukosa, Tomas" <tomas.kukosa@xxxxxxxxxxx>
Date: Thu, 22 Nov 2007 16:29:52 +0100
Hi, > Actually, what I suggested will only give one side of the conversa\tion that you're interested in. However, > (ip.addr==ADDR1 and tcp.port==PORT1) and (ip.addr=ADDR2 and tcp.port==PORT2) > should do the trick. It is the original filter which matches both streams. I am able to define filter manually, it is no problem, is has to be: (ip.src==ADDR1 and tcp.srcport==PORT1 and ip.dst=ADDR2 and tcp.dstport==PORT2) or (ip.src==ADDR2 and tcp.srcport==PORT2 and ip.dst=ADDR1 and tcp.dstport==PORT1) But my questions are: 1) is there any shorter filter wich could be used 2) should not be this fiter cretaed with "conversation tools" (context menu, conv. dialog) instead of current one which can filter two streams? Tomas Andy Lawman <ALawman@xxxxxxxxxxx> To Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx> cc bcc Subject Re: [Wireshark-dev] Conversation filters Andy Lawman <ALawman@xxxxxxxxxxx> Please respond to : Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx> Sent by: wireshark-dev-bounces@xxxxxxxxxxxxx 21/11/2007 17:44 Try somthing along the lines of ip.src==ADDR1 and ip.dst=ADDR2 and tcp.srcport==PORT1 and tcp.dstport==PORT2. So not a bug. Andy. "Kukosa, Tomas" <tomas.kukosa@xxxxxxxxxxx> To <wireshark-dev@xxxxxxxxxxxxx> cc bcc Subject [Wireshark-dev] Conversation filters "Kukosa, Tomas" <tomas.kukosa@xxxxxxxxxxx> Please respond to : Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx> Sent by: wireshark-dev-bounces@xxxxxxxxxxxxx 21/11/2007 17:11 If I filter conversation from the context menu or the Conversations dialog it crates filter in following way (or similar): ip.addr==ADDR1 and ip.addr=ADDR2 and tcp.port==PORT1 and tcp.port==PORT2 Unfortunaty it matches to two TCP streams ADDR1:PORT1<->ADDR2:PORT2 and ADDR1:PORT2<->ADDR2:PORT1 and if I have both of them in one file it is not easy to filter them from conversations menu. Was it an intention or is it a bug? If it is a bug what another filter style should we generate? Regards, Tomas _______________________________________________ Wireshark-dev mailing list Wireshark-dev@xxxxxxxxxxxxx http://www.wireshark.org/mailman/listinfo/wireshark-dev IMPORTANT - CONFIDENTIALITY NOTICE - This e-mail is intended only for the use of the addressee/s above. It may contain information which is privileged, confidential or otherwise protected from disclosure under applicable laws. If the reader of this transmission is not the intended recipient, you are hereby notified that any dissemination, printing, distribution, copying, disclosure or the taking of any action in reliance on the contents of this information is strictly prohibited. If you have received this transmission in error, please immediately notify us by reply e-mail or using the address below and delete the message and any attachments from your system. Amadeus Services Ltd, World Business Centre 3, 1208 Newall Road, Hounslow, Middlesex, TW6 2TA, Registered number 4040059_______________________________________________ Wireshark-dev mailing list Wireshark-dev@xxxxxxxxxxxxx http://www.wireshark.org/mailman/listinfo/wireshark-dev IMPORTANT - CONFIDENTIALITY NOTICE - This e-mail is intended only for the use of the addressee/s above. It may contain information which is privileged, confidential or otherwise protected from disclosure under applicable laws. If the reader of this transmission is not the intended recipient, you are hereby notified that any dissemination, printing, distribution, copying, disclosure or the taking of any action in reliance on the contents of this information is strictly prohibited. If you have received this transmission in error, please immediately notify us by reply e-mail or using the address below and delete the message and any attachments from your system. Amadeus Services Ltd, World Business Centre 3, 1208 Newall Road, Hounslow, Middlesex, TW6 2TA, Registered number 4040059
- References:
- Re: [Wireshark-dev] Conversation filters
- From: Andy Lawman
- Re: [Wireshark-dev] Conversation filters
- From: Andy Lawman
- Re: [Wireshark-dev] Conversation filters
- Prev by Date: Re: [Wireshark-dev] Conversation filters
- Next by Date: Re: [Wireshark-dev] 0.99.7pre1: missing preferences for fcoe and samr
- Previous by thread: Re: [Wireshark-dev] Conversation filters
- Next by thread: Re: [Wireshark-dev] [Wireshark-commits] rev 23524: /trunk-0.99.7/
- Index(es):