Wireshark-dev: [Wireshark-dev] <Help> How to add fieldname for certain IEs
From: Leon Liu <leon.liu@xxxxxxxxxxxx>
Date: Wed, 14 Jul 2010 10:59:24 +0800
Hi all,
Now what I want to do is extract certain IEs(which involve MS capability) from pcap files via tshark.
In my plan, I can achieve it using command 'tshark -r filename.dump -R filter(filter out 'attach request') -T field -e fieldname'.
But when I check the fieldname of IEs which I want to extract, I found that the fieldname is null.
So my question is how to add fieldname in source code?
The picture below shows the stacks of protocols and the IEs within the red ellipse are what I want.
Could someone help me to locate which source file I need to modify? And give me an simple example of how to achieve a new field name?
Thank you
Below shows the IEs I want which are marked as red.
Command:
$ tshark -r gb_link1_05212010_test_00001_20100522012000.dump -R gsm_a.dtap_msg_
gmm_type==0x1 -T pdml | less
<field name="" show="MS Radio Access Capability" size="11" pos="91" value="0
a1453c32b2044c7960800">
<field name="gsm_a.len" showname="Length: 10" size="1" pos="91" show="10"
value="0a"/>
<field name="" show="MS RA capability 1" size="5" pos="92" value="1453c32b
20">
<field name="gsm_a.gm.acc_tech_type" showname="0001 .... = Access Techno
logy Type: GSM E --note that GSM E covers GSM P (1)" size="1" pos="92" show="1"
value="14"/>
<field name="gsm_a.gm.acc_cap_struct_len" showname=".... 0100 010. ....
= Length in bits: 0x22 (34)" size="2" pos="92" show="0x22" value="1453"/>
<field name="" show="...1 00.. RF Power Capability, GMSK Power Class: 2
W (33 dBm) (4)" size="1" pos="93" value="53"/>
<field name="" show="A5 Bits: A5 bits follow (1)" size="1" pos="93" valu
e="53"/>
<field name="" show="A5/1: encryption algorithm available (1)" size="1"
pos="93" value="53"/>
<field name="" show="A5/2: encryption algorithm available (1)" size="1"
pos="94" value="c3"/>
<field name="" show="A5/3: encryption algorithm available (1)" size="1"
pos="94" value="c3"/>
<field name="" show="A5/4: encryption algorithm not available (0)" size=
"1" pos="94" value="c3"/>
<field name="" show="A5/5: encryption algorithm not available (0)" size=
"1" pos="94" value="c3"/>
<field name="" show="A5/6: encryption algorithm not available (0)" size=
"1" pos="94" value="c3"/>
<field name="" show="A5/7: encryption algorithm not available (0)" size=
"1" pos="94" value="c3"/>
<field name="" show="Controlled early Classmark Sending: controlled earl
y Classmark Sending option is implemented (1)" size="1" pos="94" value="c3"/>
<field name="" show="Pseudo Synchronisation: PS capability present (1)"
size="1" pos="94" value="c3"/>
<field name="" show="Voice Group Call Service: no VGCS capability or no
notifications wanted (0)" size="1" pos="95" value="2b"/>
<field name="" show="Voice Broadcast Service: no VBS capability or no no
tifications wanted (0)" size="1" pos="95" value="2b"/>
<field name="" show="Multislot capability: Multislot capability struct a
vailable (1)" size="1" pos="95" value="2b"/>
<field name="" show="HSCSD multislot class: Bits are not available (0)"
size="1" pos="95" value="2b"/>
<field name="" show="GPRS multislot class: Max Rx-Slot/TDMA:4 Max Tx-Slo
t/TDMA:4 Max-Sum-Slot/TDMA:5 Tta:2 Ttb:1 Tra:2 Trb:1 Type:1 (12)" size="2" pos="
95" value="2b20"/>
<field name="" show="GPRS Extended Dynamic Allocation Capability: Extend
ed Dynamic Allocation Capability for GPRS is implemented (1)" size="1" pos="96"
value="20"/>
<field name="" show="SMS/SM values: Bits are not available (0)" size="1"
pos="96" value="20"/>
<field name="" show="ECSD multislot class: Bits are not available (0)" s
ize="1" pos="96" value="20"/>
<field name="" show="EGPRS multislot class: Bits are not available (0)"
size="1" pos="96" value="20"/>
<field name="" show="DTM GPRS Multi Slot Class: Bits are not available (
0)" size="1" pos="96" value="20"/>
<field name="" show="8PSK Power Capability: Bits are not available (0)"
size="1" pos="96" value="20"/>
<field name="" show="COMPACT Interference Measurement Capability: COMPAC
T Interference Measurement Capability is not implemented (0)" size="1" pos="97"
value="44"/>
<field name="" show="Revision Level Indicator: The ME is Release 99 onwa
rds (1)" size="1" pos="97" value="44"/>----------------------------------------------------------------------------------------> the field names of these IEs are all null.
<field name="" show="UMTS FDD Radio Access Technology Capability: UMTS F
DD not supported (0)" size="1" pos="97" value="44"/>
<field name="" show="UMTS 3.84 Mcps TDD Radio Access Technology Capabili
ty: UMTS 3.84 Mcps TDD not supported (0)" size="1" pos="97" value="44"/>
<field name="" show="CDMA 2000 Radio Access Technology Capability: CDMA
2000 not supported (0)" size="1" pos="97" value="44"/>
Best Regards
Leon
- Follow-Ups:
- Re: [Wireshark-dev] <Help> How to add fieldname for certain IEs
- From: Sake Blok
- Re: [Wireshark-dev] <Help> How to add fieldname for certain IEs
- Prev by Date: [Wireshark-dev] buildbot failure in Wireshark (development) on Windows-XP-x86
- Next by Date: [Wireshark-dev] buildbot failure in Wireshark (development) on OSX-10.5-PowerPC
- Previous by thread: Re: [Wireshark-dev] query regarding field registration of unicode string
- Next by thread: Re: [Wireshark-dev] <Help> How to add fieldname for certain IEs
- Index(es):