Hello, is it possible to make in wireshark/tshark a filter which display all packet with response? I have a file with DHCPv6 packets, for example in this file is 100 Solicit packets (dhcpv6.msgtype==1) but only 50 packets with Advertise packets (msgtype==2). A common part of these packets is transaction id (dhcpv6.xid) and I would like to display this 50 Solicit packets and 50 Advertise packets with this common part (xid). Is it possible? asked 02 Jan '16, 12:21  razz9 |
One Answer:
Unfortunately, not directly with the current dhcpv6 dissector, because unlike some other dissectors, it does not provide the frame cross-reference pseudo-fields. The display filters only evaluate fields of a single frame, so they cannot handle inter-packet relationships unless the dissector generates the pseudo-fields representing such relationships. You should be able to fulfil your goal using MATE, though. answered 02 Jan '16, 14:02  sindy |
