I'm trying to find a proper way to filter requests and responses for GSM MAP operations. So, usualy capture looks like this:
TCAP
- Transaction ID
- Components
GSM MAP
- opCode
- MSISDN
- etc</code></pre><p>I.e., GSM MAP is payload of TCAP. I filter requests based on MAP values (opCode and msisdn), such as</p><pre><code>(gsm_map.address.digits == "123456789") && (gsm_old.localValue == 45)</code></pre><p>Response comes with the same TCAP Transaction ID, so I manualy extract it from request and filter again:</p><pre><code>tcap.tid == 78:16</code></pre><p>This shows both needed request and response. All this can be done by hand by writing filters twice, as described above. I was wondering if it's possible to write one single filter to extract both requests and responses at once (by using msisdn and opCode as inputs only). Is that possible or should one write a postdissector in Lua to do such tasks?</p></div><div id="question-tags" class="tags-container tags"><span class="post-tag tag-link-filter" rel="tag" title="see questions tagged 'filter'">filter</span> <span class="post-tag tag-link-map" rel="tag" title="see questions tagged 'map'">map</span> <span class="post-tag tag-link-request" rel="tag" title="see questions tagged 'request'">request</span> <span class="post-tag tag-link-response" rel="tag" title="see questions tagged 'response'">response</span></div><div id="question-controls" class="post-controls"></div><div class="post-update-info-container"><div class="post-update-info post-update-info-user"><p>asked <strong>11 Oct '12, 06:47</strong></p><img src="https://secure.gravatar.com/avatar/0d235ba4e7903c0e6959c36d85697a77?s=32&d=identicon&r=g" class="gravatar" width="32" height="32" alt="mariusm's gravatar image" /><p><span>mariusm</span><br />
1●1●1●1
accept rate: 0%
