On Tue, May 15, 2007 at 09:51:20AM -0700, Guy Harris wrote: > Stefan Puiu wrote: > > > Is it possible (with this wireshark version) to specify a filter along the > > lines of "all packets that carry option x with value y"? > > As far as I can tell, all I can currently specify is "one packet that > > has one option type x and one option with value y", but not the same. > > Unfortunately, not in general - the BOOTP/DHCP dissector doesn't have > separate named fields for the values of all options it knows about.
Sounds like something to add as feature-request on bugzilla? > > Example filters I would need: > > > > - all DHCPDISCOVER packets that carry option 55 (parameter request list) > > with a certain value in the respective option (e.g. 1,3,58,59 being the > > sequence of values) > > Unfortunately, there isn't a named field for the value of option 55, so > you can't filter on that. If you can live with the fact that the following filter does not only show you the wanted fields, but also a little noise, the following filter might reduce the amount of frames you need to look at: bootp.option.type == 53 && bootp.option.value == 01 && bootp.option.type == 55 && bootp.option.value == 01:03:3a:3b > > - all DHCPOFFER/DHCPACK packets without option 3 > > Similarly, there isn't a named field for the value of option 53, so you > can't filter on the DHCP message type. Same type of filter here: bootp.option.type == 53 && (bootp.option.value == 02 || bootp.option.value == 05) && !bootp.option.type == 3 > This should probably be fixed. I agree :) Cheers, Sake _______________________________________________ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users
