Hi,
> Actually, what I suggested will only give one side of the
conversa\tion that you're interested in. However,
> (ip.addr==ADDR1 and tcp.port==PORT1) and (ip.addr=ADDR2 and
tcp.port==PORT2)
> should do the trick.
It is the original filter which matches both streams.
I am able to define filter manually, it is no problem, is has to be:
(ip.src==ADDR1 and tcp.srcport==PORT1 and ip.dst=ADDR2 and
tcp.dstport==PORT2) or
(ip.src==ADDR2 and tcp.srcport==PORT2 and ip.dst=ADDR1 and
tcp.dstport==PORT1)
But my questions are:
1) is there any shorter filter wich could be used
2) should not be this fiter cretaed with "conversation tools" (context
menu, conv. dialog) instead of current one which can filter two streams?
Tomas
Andy Lawman <[EMAIL PROTECTED]>
To
Developer support list for Wireshark
<wireshark-dev@wireshark.org>
cc
bcc
Subject
Re: [Wireshark-dev] Conversation filters
Andy Lawman <[EMAIL PROTECTED]>
Please respond to : Developer support list for Wireshark
<wireshark-dev@wireshark.org>
Sent by: [EMAIL PROTECTED]
21/11/2007 17:44
Try somthing along the lines of ip.src==ADDR1 and ip.dst=ADDR2 and
tcp.srcport==PORT1 and tcp.dstport==PORT2.
So not a bug.
Andy.
"Kukosa, Tomas" <[EMAIL PROTECTED]>
To
<wireshark-dev@wireshark.org>
cc
bcc
Subject
[Wireshark-dev] Conversation filters
"Kukosa, Tomas" <[EMAIL PROTECTED]>
Please respond to : Developer support list for Wireshark
<wireshark-dev@wireshark.org>
Sent by: [EMAIL PROTECTED]
21/11/2007 17:11
If I filter conversation from the context menu or the
Conversations dialog it crates filter in following way (or similar):
ip.addr==ADDR1 and ip.addr=ADDR2 and tcp.port==PORT1 and
tcp.port==PORT2
Unfortunaty it matches to two TCP streams
ADDR1:PORT1<->ADDR2:PORT2 and ADDR1:PORT2<->ADDR2:PORT1
and if I have both of them in one file it is not easy to filter
them from conversations menu.
Was it an intention or is it a bug?
If it is a bug what another filter style should we generate?
Regards,
Tomas
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-dev
IMPORTANT - CONFIDENTIALITY NOTICE - This e-mail is intended
only for the use of the addressee/s above. It may contain information
which is privileged, confidential or otherwise protected from disclosure
under applicable laws. If the reader of this transmission is not the
intended recipient, you are hereby notified that any dissemination,
printing, distribution, copying, disclosure or the taking of any action
in reliance on the contents of this information is strictly prohibited.
If you have received this transmission in error, please immediately
notify us by reply e-mail or using the address below and delete the
message and any attachments from your system.
Amadeus Services Ltd, World Business Centre 3, 1208 Newall Road,
Hounslow, Middlesex, TW6 2TA, Registered number
4040059_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-dev
IMPORTANT - CONFIDENTIALITY NOTICE - This e-mail is intended
only for the use of the addressee/s above. It may contain information
which is privileged, confidential or otherwise protected from disclosure
under applicable laws. If the reader of this transmission is not the
intended recipient, you are hereby notified that any dissemination,
printing, distribution, copying, disclosure or the taking of any action
in reliance on the contents of this information is strictly prohibited.
If you have received this transmission in error, please immediately
notify us by reply e-mail or using the address below and delete the
message and any attachments from your system.
Amadeus Services Ltd, World Business Centre 3, 1208 Newall Road,
Hounslow, Middlesex, TW6 2TA, Registered number 4040059
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-dev
