The relation between packets is as follows.

1. Packet A is a request to set up a session. This packet has a unique "request 
tunnel Identifier" and a "requestIndex".
2. Packet B is a reply; this packet is tunneled with the "request tunnel 
Identifier" and contains a "reply tunnel Identifier".
3. Packet C is a subsequent request packet which is tunneled with the "reply tunnel 
Identifier".
4. Packet D is a subsequent reply packet which is tunneled with the "request tunnel 
Identifier".

NOTE: "tunnel Identifiers" are unique in a single direction only, so there is no 
algorithmic correlation between the "request tunnel Identifier" and the "reply 
tunnel Identifier".

I am looking to generate a view for all packets which are related to the 
"requestIndex".
I am open to the idea of editing the dissectors to achieve this. 

Any ideas/pointers would be very useful.

thanks,
Rohit

> Date: Sat, 5 Jun 2010 12:25:55 +0200
> From: [email protected]
> To: [email protected]
> Subject: Re: [Wireshark-dev] Generation of display filter based on a field in 
> the pcap
> 
> On 06/05/2010 11:37 AM, Rohit Mediratta wrote:
> > Hi,
> > I am trying to generate a display filter which is based on the value
> > of a TLV within the pcap.
> > Let me provide an example of a display filter I am trying to generate in
> > the pcap that I have.
> >
> > 1. Packet A has a TLV with value1 and another TLV with value2.
> > 2. Packet B has a TLV with value2 and a TLV with value3.
> > 3. Packet C has a TLV with value3.
> > 4. Packet D has a TLV with value2.
> >
> > I'd like my display filter to be
> > "special_display_filter == value1"
> > When I apply this filter, I'd like all 4 packets to be displayed.
> >
> > This is, of course, my view of how I can achieve this. If there is
> > another methodology to achieve my aim of displaying all packets related
> > to Packet A, then please enlighten me.
> >
> >
> > My final goal is to update the flow_graph to view all 4 packets, when I
> > select "packet flow for any packets related to Packet A". If someone can
> > provide any pointers/hints that would be useful.
> >
> > thanks in advance,
> > Rohit
> >
> 
> Hi,
> 
> What's the relation between packet A, B, C and D? How do you identify this 
> relation from the packets? Your display filter now will only match packet A.
> 
> Thanks,
> Jaap
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <[email protected]>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:[email protected]?subject=unsubscribe
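
The correlation described in the message above (A advertises a request tunnel Identifier, B is tunneled with it and advertises a reply tunnel Identifier, C and D follow) can be modelled as a lookup table filled in capture order. This is an added example, not part of the thread and not Wireshark code; the field names `dir`, `tunnel_id`, `advertised_id` and `request_index`, and the assumption that packet direction can be determined, are hypothetical.

```python
# Added illustration: propagate requestIndex to every packet of a session.
# Packet field names are assumptions; the sample capture is constructed.

OPPOSITE = {"to_responder": "to_initiator", "to_initiator": "to_responder"}


def correlate(packets):
    """Return {frame number: requestIndex} for packets given in capture order."""
    # Tunnel identifiers are unique in one direction only, so the key is
    # (direction in which the identifier is used, identifier).
    sessions = {}
    result = {}
    for pkt in packets:
        index = pkt.get("request_index")          # present on packet A only
        if index is None and pkt.get("tunnel_id") is not None:
            index = sessions.get((pkt["dir"], pkt["tunnel_id"]))
        if index is None:
            continue                              # unrelated, or session start not captured
        result[pkt["frame"]] = index
        advertised = pkt.get("advertised_id")
        if advertised is not None:
            # The peer will use this identifier on packets sent the other way.
            sessions[(OPPOSITE[pkt["dir"]], advertised)] = index
    return result


def frames_for(packets, request_index):
    """Frames a 'requestIndex == N' style view should show."""
    return sorted(f for f, i in correlate(packets).items() if i == request_index)


# Constructed capture: two sessions; identifier 200 is used in both
# directions by different sessions to exercise the direction-aware key.
CAPTURE = [
    {"frame": 1, "dir": "to_responder", "request_index": 7, "advertised_id": 100},  # A
    {"frame": 2, "dir": "to_responder", "request_index": 8, "advertised_id": 200},  # A'
    {"frame": 3, "dir": "to_initiator", "tunnel_id": 100, "advertised_id": 200},    # B
    {"frame": 4, "dir": "to_responder", "tunnel_id": 200},                          # C
    {"frame": 5, "dir": "to_initiator", "tunnel_id": 200, "advertised_id": 300},    # B'
    {"frame": 6, "dir": "to_initiator", "tunnel_id": 100},                          # D
    {"frame": 7, "dir": "to_responder", "tunnel_id": 999},                          # unrelated
]

if __name__ == "__main__":
    print(frames_for(CAPTURE, 7))
    print(frames_for(CAPTURE, 8))
```

In a dissector, the looked-up value would be attached to each packet as a generated field so that a single display filter on it matches A, B, C and D.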
                                          