Hi, Experts: for smpp protocol, I just want wireshark to display smpp submit request only with specific Dest term id, and the related server response. the related server response has smpp sequence id related. so how I can realize this display filter? Regards Zenith asked 20 Oct '10, 21:15  zenith edited 21 Oct '10, 18:18 |
This is a static archive of our old Q&A Site.
Please post any new questions and answers at ask.wireshark.org.
Have you tried filtering on (smpp.command_id == 0x00000004) || (smpp.command_id == 0x80000004)? That gives you Submit_sm Requests and responses as a first hit.
Regarding the specifics: What exactly do you mean with "Dest term id" ? When looking at a sample trace for smpp i only see an entry for "Recipient address".
Actually, I only want wireshark to display the specific submit request and accurately with it's own response, not all responses. I don't know wireshark can do automatcially using the previously matched packets's smpp msg sequence_id to filter again, and combine the two scan and show the result. it's something like regular expression's back reference.
let me imagine the following syntax for display filter improvement.
function point: 1.group matching
using comma to split next matching within the group, it could be >2 messages in the group.
(smpp.destination_addr contains "9703" ,smpp.sequence_number == &smpp.sequence_number)
2.back reference & is the previous matched packets, once & used, and it should be released immediately. and group matching start over again for next matching group.
and more thinking, currently wireshark do not have the global variables can be defined to use in display filter. to link higher application level packets, if there are global variables that can be used to set some correlation id/key information in it, and reused in later when filtering,then two totally different underly protocols can be linked together. I want to call this service level filtering mechanism.