Wireshark-users: Re: [Wireshark-users] Need assistance in creating a display filter
This sounds like a job for MATE:
http://wiki.wireshark.org/Mate
though I'm not sure if you can then iterate over all the Groups of
Packets and, say, print them out, but it would work for display filters
at least.
Michael R. Pierotti wrote:
Abhik,
Thanks for the info but I already know how to do that. What I am trying to do
is filter on ALL of the BEGIN and END messages because we are troubleshooting
to see if any of the END messages are missing. Going through each BEGIN to
find all END's would be way to time consuming :(
Is there any way to do CDR's in Wireshark? That would work well also.
Thanks,
Mike
-----Original Message-----
From: Abhik Sarkar [mailto:sarkar.abhik@xxxxxxxxx]
Sent: Sunday, July 19, 2009 12:47 PM
To: mike.pierotti@xxxxxxxxxxxxxxxxx; Community support list for Wireshark
Subject: Re: [Wireshark-users] Need assistance in creating a display filter
Hi Michael,
Once you have the capture and have found the BEGIN, expand the TCAP
portion in the packet details pane, bring up the context menu for the
transaction ID and select 'apply as filter selected'.
That should show you all (captured) MSU's with the same transaction ID.
HTH
Abhik
On 7/17/09, Michael R. Pierotti <mike.pierotti@xxxxxxxxxxxxxxxxx> wrote:
I am fairly new to Wireshark when it comes to capturing SIGTRAN and need
assistance in creating a display filter.
What I am attempting to do is capture the TCAP BEGIN with OpCode 66
(readyForSM) and all related TCAP ENDS or TCAP ERRORS for those messages.
Any ideas on how this may be accomplished?
Thanks,