0

I would like to filter requests in Wireshark.

I have Diameter request which is for example SLR and has concrete session ID and is sent to specified IP destination address. Like SLR - send to 10.44.190.40

I would like to filter every request where session started to this node, but STR with the same session ID went to other destination address.

How can I proceed?

Liju Thomas
  • 1,054
  • 5
  • 18
  • 25
Marcin Prz
  • 1
  • 2
  • Im not familiar with SLR/STR but basically in wireshark you can show each protocol specific field in a column. try first to output the field as column, and if its possible - probably filtering by that field is also possible. – chenchuk Feb 13 '16 at 19:25

1 Answers1

1

Do you want to filter on diameter.Session-Id?
Go to Packet details
Expand Diameter Protocol
Right-click on Session-ID (for example: diameter.Session-Id == "supauth.eap.testbed.aaa;1273828925;1;client;gw.eap.testbed.aaa")
Select Apply as Filter
Go to Statistics -> Conversations
Select IPv4
Check "Limit to display filter"

Links Statistics menu, Wireshark Display Filter Reference and Wireshark Wiki

Hope this helps.