Hi Rohit, I think what you are looking for is MATE (http://wiki.wireshark.org/Mate).
HTH Abhik On Sat, Jun 5, 2010 at 8:55 PM, Rohit Mediratta <[email protected]>wrote: > The relation between packets is as follows. > > 1. Packet A is a request to setup a session. This packet has a unique > "request tunnel Identifier" and a "requestIndex". > 2. Packet B is a reply, this packet is tunneled with the "request tunnel > Identifier" and contains a "reply tunnel Identifier" > 3. Packet C is subsequent request packet which is tunneled with "reply > tunnel Identifier" > 4. Packet D is a subsequent reply packet which is tunneled with "request > tunnel Identifier". > > NOTE: "tunnel Identifier" are unique in a single direction only, so there > is no algorithmic correlation between the "request tunnel Identifier" and > "reply tunnel Identifier". > > I am looking to generate a view for all packets which are related to the > "requestIndex". > I am open to the idea of editing the dissectors to achieve this. > > Any ideas/pointers would be very useful. > > thanks, > Rohit > > > Date: Sat, 5 Jun 2010 12:25:55 +0200 > > From: [email protected] > > To: [email protected] > > Subject: Re: [Wireshark-dev] Generation of display filter based on a > field in the pcap > > > > On 06/05/2010 11:37 AM, Rohit Mediratta wrote: > > > Hi, > > > I am trying to generate a display filter which is based on the the > value > > > of a TLV within the pcap. > > > Let me provide an example of a display filter I am trying to generate > in > > > the pcap that I have. > > > > > > 1. Packet A has a TLV with value1 and another TLV with value2. > > > 2. Packet B has a TLV with value2 and a TLV with value3. > > > 3. Packet C has a TLV with value3. > > > 4. Packet D has a TLV with value2. > > > > > > I'd like my display filter to be > > > "special_display_filter == value1" > > > When I apply this filter, I'd like all 4 packets to be displayed. > > > > > > This is, ofcourse, my view of how I can achieve this. If there is > > > another methodology to achieve my aim of displaying all packets related > > > to Packet A, then please enlighten me. > > > > > > > > > My final goal is to update the flow_graph to view all 4 packets, when I > > > select "packet flow for any packets related to Packet A". If someone > can > > > provide any pointers/hints that would be useful. > > > > > > thanks in advance, > > > Rohit > > > > > > > Hi, > > > > What's the relation between packet A, B, C and D? How do you identify > this > > relation from the packets? Your display filter now will only match packet > A. > > > > Thanks, > > Jaap > > > ___________________________________________________________________________ > > Sent via: Wireshark-dev mailing list <[email protected]> > > Archives: http://www.wireshark.org/lists/wireshark-dev > > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev > > mailto:[email protected]?subject=unsubscribe > > ___________________________________________________________________________ > Sent via: Wireshark-dev mailing list <[email protected]> > Archives: http://www.wireshark.org/lists/wireshark-dev > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev > mailto:[email protected]?subject=unsubscribe >
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
