Hi, We have current automation framework that uses wireshark version 1.2. We would like to use wireshark version 1.6.7. But the problem is, there are some display filters that are changed from 1.2.x to 1.6.7. I would like to get list of filters that are changed so that I can just change those in my automation framework. With out this data, I'll need to check all current display filters to see whether they are valid or not, which will be tedious! Any help will be really helpful! asked 20 Sep '13, 01:49  Ramprasad |
2 Answers:
There is no list of changed filters, at least I don't know one. You can print the list of fields (usable in the filters) with tshark and run a diff on the output.
However, I don't know if tshark 1.2 has this feature. Just try it and you'll see. If that does not work, you can still run a diff on the source code to see what fields have changed. Regards answered 20 Sep '13, 02:01  Kurt Knochner ♦ edited 20 Sep '13, 02:03 |
The Wireshark Display Filter Reference page lists all fields and their applicable versions. And besides answered 20 Sep '13, 07:35  cmaynard ♦♦
that would be a nice extension for tshark. (20 Sep '13, 07:39) Kurt Knochner ♦ |
That approach was my idea, too, but I didn't remember how to list all the fields. I don't use tshark enough, it seems :-)
well, I'm a lot into automation in my projects and tshark is quite useful for some tasks.
But, it's never too late ;-) And you are probably spending some of time on tracewrangler :-)
yup, whenever there is time I'm wrangling code :-)