Wireshark · Wireshark-dev: Re: [Wireshark-dev] tshark problem with grouped AVP:s?

Wireshark-dev: Re: [Wireshark-dev] tshark problem with grouped AVP:s?

From: Jeff Morriss <jeff.morriss.ws@xxxxxxxxx>

Date: Thu, 14 Nov 2013 17:51:31 -0500

On 11/14/13 16:55, Anders Broman wrote:

Jeff Morriss skrev 2013-11-14 22:39:

On 11/14/13 11:14, Anders Broman wrote:

Hi,

The following tshark parameters ” -Y diameter -z
proto,colinfo,diameter.Experimental-Result-Code,diameter.Experimental-Result-Code”

yields no result where as

-Y diameter -z proto,colinfo,diameter.Result-Code,diameter.Result-Code

Does the only difference seems to be that the first one is grouped.
Looking at the code I can’t see why it shouldn’t work – ideas?


After a bit of digging I can find that I can fix the problem by
commenting out the (Vendor=ETSI) Experimental-Result-Code AVP from
diameter/etsie2e4.xml .

I suppose (but I'm out of time to check now) that the problem is that
we're getting 2 hf's with the same abbreviation and the "filter"
portion of that command is picking the 2nd but the "field" portion is
choosing the 1st.  Or something like that?


Add vendor name to the filter name?
"diameter.etsi.Experimental-Result-Code"

Yeah I was wondering that too but since we don't prevent multiple hfswith the same abbreviation it's probably a generic problem worth solving.

References:
- [Wireshark-dev] tshark problem with grouped AVP:s?
  - From: Anders Broman
- Re: [Wireshark-dev] tshark problem with grouped AVP:s?
  - From: Jeff Morriss
- Re: [Wireshark-dev] tshark problem with grouped AVP:s?
  - From: Anders Broman

Prev by Date: Re: [Wireshark-dev] tshark problem with grouped AVP:s?
Next by Date: Re: [Wireshark-dev] Build wireshark-qt with Clang : -fPIC or -fPIE
Previous by thread: Re: [Wireshark-dev] tshark problem with grouped AVP:s?
Next by thread: [Wireshark-dev] rf5 file (k18)
Index(es):
- Date
- Thread