Wireshark-dev: Re: [Wireshark-dev] tshark problem with grouped AVP:s?
From: Anders Broman <a.broman@xxxxxxxxxxxx>
Date: Thu, 14 Nov 2013 22:55:02 +0100
Jeff Morriss wrote 2013-11-14 22:39:
On 11/14/13 11:14, Anders Broman wrote:
Hi,

The following tshark parameters "-Y diameter -z
proto,colinfo,diameter.Experimental-Result-Code,diameter.Experimental-Result-Code"
yield no result, whereas

-Y diameter -z proto,colinfo,diameter.Result-Code,diameter.Result-Code

does. The only difference seems to be that the first one is grouped.
Looking at the code I can't see why it shouldn't work – ideas?

After a bit of digging I can find that I can fix the problem by commenting out the (Vendor=ETSI) Experimental-Result-Code AVP from diameter/etsie2e4.xml.

I suppose (but I'm out of time to check now) that the problem is that we're getting 2 hf's with the same abbreviation and the "filter" portion of that command is picking the 2nd but the "field" portion is choosing the 1st. Or something like that?

Add vendor name to the filter name? "diameter.etsi.Experimental-Result-Code"
Too late to look into it today for me ;-)
Thanks for looking into it.
Regards
Anders
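
The duplicate-abbreviation hypothesis and the vendor-qualified rename floated in this thread, as an added example that is not part of the original messages or of Wireshark's code: it lists filter names claimed by more than one AVP definition, then repeats the check with the vendor in the name. The XML fragments are constructed, and the `<avp name= code= vendor-id=>` layout and the `"diameter." + name` rule are assumptions.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed, simplified dictionary fragments (not Wireshark's real files).
# Assumed layout: <avp> elements with name, code and an optional vendor-id.
SOURCES = {
    "base-sample.xml": """<dictionary>
        <avp name="Result-Code" code="268"/>
        <avp name="Experimental-Result-Code" code="298"/>
    </dictionary>""",
    # code="0" below is a placeholder, not the real vendor AVP code.
    "etsi-sample.xml": """<dictionary>
        <avp name="Experimental-Result-Code" code="0" vendor-id="ETSI"/>
    </dictionary>""",
}


def abbrev(name, vendor=None):
    """Filter name for an AVP (assumed rule: "diameter." + name).

    With a vendor, build the qualified form suggested in the thread.
    """
    if vendor:
        return "diameter.%s.%s" % (vendor.lower(), name)
    return "diameter." + name


def group_by_abbrev(sources, qualify=False):
    """Map each filter name to the (file, vendor, code) definitions claiming it."""
    seen = defaultdict(list)
    for fname, text in sources.items():
        for avp in ET.fromstring(text).iter("avp"):
            vendor = avp.get("vendor-id")
            key = abbrev(avp.get("name"), vendor if qualify else None)
            seen[key].append((fname, vendor, avp.get("code")))
    return dict(seen)


def collisions(sources, qualify=False):
    """Filter names registered by more than one AVP definition."""
    grouped = group_by_abbrev(sources, qualify)
    return {k: v for k, v in grouped.items() if len(v) > 1}


if __name__ == "__main__":
    for name, defs in collisions(SOURCES).items():
        print(name, "is defined", len(defs), "times:", defs)
    left = collisions(SOURCES, qualify=True)
    print("with vendor-qualified names:", left or "no collisions")
```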
