This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

isakmp.ispi as a display filter

0

I am attempting to apply a display filter based on the ISAKMP Initiator SPI, which is f64e30753a4a41b6.

I have used the filter builder (expression) and as soon as I paste in either f6 4e 30 75 3a 4a 41 b6 or f64e30753a4a41b6 then the filter is shown as being invalid.

I have tried "f64e30753a4a41b6" and "f6 4e 30 75 3a 4a 41 b6", which work for the filter checker, but do not output any data even though I can see packets with ISAKMP SPI set to f64e30753a4a41b6.

Any ideas?

Thanks,

Pat

asked 03 Jul '17, 15:58

patgrogan_ac...
6112
accept rate: 0%


One Answer:

1

Have you tried isakmp.ispi == f6:4e:30:75:3a:4a:41:b6

answered 04 Jul '17, 02:19

Uli
9031515
accept rate: 29%

edited 04 Jul '17, 12:15

This worked fine. Thanks for the information. Pat

(18 Aug '17, 13:45) patgrogan_ac...

If an answer has solved your issue, please accept the answer for the benefit of other users by clicking the checkmark icon next to the answer. Please read the FAQ for more information.

(18 Aug '17, 14:00) Jaap ♦
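
An added example, not part of the original thread or of Wireshark itself: a small Python helper that takes an SPI pasted in the forms tried in the question (contiguous hex, space-separated, quoted) and emits the colon-separated byte form used in the answer. The function names are hypothetical, the 8-byte length check assumes an IKE SPI, and `isakmp.rspi` (Wireshark's responder SPI field) is used only for the optional second term.

```python
import re

IKE_SPI_LEN = 8  # assumption: IKE initiator/responder SPIs are 8 bytes each


def spi_to_bytes(text):
    """Parse an SPI pasted as 'f64e...', 'f6 4e ...', 'f6:4e:...', 'f6-4e-...' or '0xf64e...'."""
    s = text.strip().strip("\"'")          # drop surrounding quotes, as tried in the question
    if s.lower().startswith("0x"):
        s = s[2:]
    s = re.sub(r"[\s:\-.]", "", s)         # drop common byte separators
    if not re.fullmatch(r"[0-9A-Fa-f]+", s):
        raise ValueError(f"not a hex string: {text!r}")
    if len(s) != IKE_SPI_LEN * 2:
        raise ValueError(f"expected {IKE_SPI_LEN} bytes, got {len(s) / 2:g}: {text!r}")
    return bytes.fromhex(s)


def display_filter(spi, field="isakmp.ispi"):
    """Build '<field> == xx:xx:...' in the byte-sequence syntax from the answer."""
    raw = spi_to_bytes(spi)
    return f"{field} == " + ":".join(f"{b:02x}" for b in raw)


def session_filter(ispi, rspi=None):
    """Filter on the initiator SPI, optionally narrowed by the responder SPI."""
    expr = display_filter(ispi, "isakmp.ispi")
    if rspi is not None:
        expr += " && " + display_filter(rspi, "isakmp.rspi")
    return expr


if __name__ == "__main__":
    # The SPI from the question, in each form the asker pasted.
    for pasted in ("f64e30753a4a41b6",
                   "f6 4e 30 75 3a 4a 41 b6",
                   '"f6 4e 30 75 3a 4a 41 b6"'):
        print(display_filter(pasted))
    # Constructed responder SPI, for illustration only.
    print(session_filter("f64e30753a4a41b6", "0x0102030405060708"))
```

The resulting string can be pasted into the display filter bar or passed to `tshark -Y`.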