We have Linux OS installed on one of our nodes (which has an SS7 stack). When we want to filter packets which are submitted towards the network, we use the command below.
tcpdump -ni any -s 0 -w filename.pcap sctp
The above command captures all packets of the SS7 layer. Is it possible to prepare a filter on the command line itself, like ((gsm_sms.tp-mti == 0) && (gsm_map.imsi_digits == "404971026311824")), as we do when filtering in Wireshark? Or what type of filtering options are there?
Or can Wireshark itself be helpful to do so? I tried using the remote interface, but it's not possible, as the server/node does have direct connectivity; it's via a different server.
asked 06 Aug '12, 23:14
tcpdump only supports capture filters, not Wireshark's (far richer) display filters. As such, you can't filter for things like gsm_sms.tp-mti with tcpdump. With capture filters you're limited to the things that libpcap understands. See the manual page of pcap-filter(7) or, if that doesn't exist, tcpdump(8), or, if that doesn't exist, http://wiki.wireshark.org/CaptureFilters .
answered 07 Aug '12, 07:51
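One way to get the result the question asks for, as an added example that is not part of the original answer: capture on the node with tcpdump's capture filter, then apply the Wireshark display filter offline with tshark. The function names and file names are hypothetical, and tshark is assumed to be installed on whichever machine runs the second stage.

```shell
#!/bin/sh
# Added example: two-stage filtering. Helper names are hypothetical.

# Build the display filter from the question for a given TP-MTI and IMSI.
build_display_filter() {  # $1 = tp-mti value, $2 = IMSI digits
    printf '(gsm_sms.tp-mti == %s) && (gsm_map.imsi_digits == "%s")' "$1" "$2"
}

# Stage 1 (on the SS7 node): libpcap capture filter only, full packets (-s 0).
# "sctp" is all tcpdump can narrow on here; stop with Ctrl-C.
capture_sctp() {  # $1 = output pcap
    tcpdump -ni any -s 0 -w "$1" sctp
}

# Stage 2 (any machine with tshark, after copying the file off the node):
# read the capture, keep only packets matching the display filter, and
# write them to a new pcap that can be opened in Wireshark.
filter_capture() {  # $1 = input pcap, $2 = output pcap, $3 = display filter
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    command -v tshark >/dev/null 2>&1 || { echo "tshark not found" >&2; return 127; }
    # tshark releases older than 1.10 take the display filter with -R instead of -Y.
    tshark -r "$1" -Y "$3" -w "$2"
}

# Usage (IMSI below is a placeholder, not a real subscriber):
#   capture_sctp filename.pcap
#   filter_capture filename.pcap sms_only.pcap "$(build_display_filter 0 IMSI_DIGITS_HERE)"
```
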