Wireshark-users: Re: [Wireshark-users] Display filters for application protocols
From: Lukáš Oliva <olivalukas@xxxxxxxxx>
Date: Tue, 8 Mar 2011 21:23:06 +0100
  Hello Sake,
Actually trying it just now. Actually, it seems like an interesting idea.

  Lukas


2011/3/8 Sake Blok <sake@xxxxxxxxxx>:
> On 8 Mar 2011, at 19:43, Lukáš Oliva wrote:
>
>> Actually, this is what I somehow expected. Is there a way to filter
>> out just the packets I want? Like: filter out all frames containing
>> an LIR message but display only LIR messages?
>
> I think you can do it with:
>
> diameter.cmd.code==302 and not diameter.cmd.code!=302
>
>
>> I mean, could I somehow
>> filter this using capture filters (I think this is not possible, but
>> just to be sure)
>
> Capture filters are limited to (reasonably) fixed offsets to look for stuff, so it will not work with capture filters....
>
>> or how to use display filters with some more precise
>> configuration saying display LIR messages only?
>
> Why don't you give the above filter a shot and if it does not work, send a little tracefile with the frame you DO and the frames you DON'T want and I'll give it another shot...
>
> Cheers,
>
>
> Sake
>
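
Added example, not part of the original thread: a small Python model of why the suggested filter keeps only frames whose Diameter messages are all command code 302. It assumes that `==` and `!=` on a field occurring several times in one frame are each true when any occurrence satisfies them, which is what the filter relies on; the frame contents and function names are constructed for illustration.

```python
# Model of display-filter matching on a field that can occur several times in
# one frame (several Diameter messages carried in one TCP segment).
# Assumption: "==" and "!=" are each true when ANY occurrence satisfies them.

LIR = 302  # command code used in the filter from the thread

# Constructed sample: frame number -> diameter.cmd.code of each message in it
FRAMES = {
    1: [302],        # a single LIR
    2: [302, 303],   # LIR plus another command in the same frame
    3: [303],        # no LIR at all
    4: [302, 302],   # two LIRs
    5: [],           # frame without any Diameter message
}


def any_eq(codes, value):
    """diameter.cmd.code == value"""
    return any(c == value for c in codes)


def any_ne(codes, value):
    """diameter.cmd.code != value"""
    return any(c != value for c in codes)


def only_lir(codes):
    """diameter.cmd.code==302 and not diameter.cmd.code!=302"""
    return any_eq(codes, LIR) and not any_ne(codes, LIR)


def matching(pred):
    """Frame numbers that the predicate would display."""
    return [n for n, codes in FRAMES.items() if pred(codes)]


if __name__ == "__main__":
    print("== 302            :", matching(lambda c: any_eq(c, LIR)))
    print("not (!= 302)      :", matching(lambda c: not any_ne(c, LIR)))
    print("both halves (and) :", matching(only_lir))
```

The `==302` half is still needed: on its own, `not diameter.cmd.code!=302` also passes frames that carry no Diameter message at all (frame 5 in the sample).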