I have this setup where a diameter connection is established which uses a tcp port which is different than the default port 3868.I have to take a pcap and analyze the diameter messages.Now the problem is we can analyze the pcap in wireshark GUI where I can add the other port along with 3868 in the view ->preferences -> diameter,then it will consider messages at this port also as diameter but how can I do the same in tshark CLI,should I set it in services file (/root/wireshark_182/wireshark-1.8.2/services) ? asked 30 Apr '14, 06:01  babin |
One Answer:
From tshark -h -o <name>:<value> ... override preference setting But the easiest is to start Wireshark change the preference and save, then run tshark. answered 30 Apr '14, 06:36  Anders ♦ |
