This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Filter Request or Response as part of TCP or UDP Flow

0

I have a large trace which only contains Radius Traffic (but could apply to any type of traffic) and would like to do a TCP / UDP filter such as filtering out radius Traffic using the following Analysis filter:

radius.User_Name == "UserID"

But I would also like to get the responses I get back from the destination server. Something like:

radius.User_Name == "UserID" and response

Would be exactly what I would be looking for to filter on.

This would be an extremely useful feature to be able to filter either on the source or destination flows such as being able to do:

radius.code == 3 and request

Or

http.response.code == 404 and request

So that way you could take a trace of all http traffic, and then filter on any 404 error messages you got, plus then also grab the request that was being made.

How difficult would this be to add into the analysis filter?

asked 27 Jun '11, 14:57

Peter Lambre...

retagged 27 Jun '11, 19:11

helloworld


One Answer:

1

I've answered my own question.

Using MATE: http://wiki.wireshark.org/Mate/Examples#using_RADIUS_to_filter_SMTP_traffic_of_a_specific_user

This can do the matching of the source and destination traffic and we can filter on that.

mate.radius_ses.username == "UserName"

answered 27 Jun '11, 16:55

Peter Lambre...

edited 27 Jun '11, 17:05
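
The request/response pairing asked about above can also be done outside Wireshark. The following is an added example, not part of the original post and not MATE's or Wireshark's own code: it parses raw RADIUS payloads, pairs each reply with its request on the RADIUS Identifier plus the mirrored UDP endpoints, and returns the frames for one User-Name. The Pkt record, the function names and the sample addresses are assumptions made for the illustration.

```python
import struct
from collections import namedtuple

Pkt = namedtuple("Pkt", "frame src sport dst dport payload")  # one UDP datagram
REQUEST_CODES = {1, 4}  # Access-Request, Accounting-Request

def parse_radius(payload):
    """Return (code, identifier, User-Name or None); ValueError if malformed."""
    if len(payload) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", payload[:4])
    if not 20 <= length <= len(payload):
        raise ValueError("bad length field")
    user, pos = None, 20
    while pos + 2 <= length:
        atype, alen = payload[pos], payload[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        if atype == 1:  # User-Name attribute
            user = payload[pos + 2:pos + alen].decode("utf-8", "replace")
        pos += alen
    return code, ident, user

def frames_for_user(packets, user_name):
    """Frames of requests carrying user_name, plus the replies paired to them."""
    pending, selected = {}, []
    for p in packets:
        try:
            code, ident, user = parse_radius(p.payload)
        except ValueError:
            continue  # not parseable as RADIUS, skip it
        if code in REQUEST_CODES:
            pending[(p.src, p.sport, p.dst, p.dport, ident)] = user
            hit = user == user_name
        else:  # a reply: look up the request with mirrored endpoints
            hit = pending.pop((p.dst, p.dport, p.src, p.sport, ident), None) == user_name
        if hit:
            selected.append(p.frame)
    return selected

def build(code, ident, user=None):  # minimal payload with zeroed authenticator
    attrs = b"" if user is None else bytes([1, len(user.encode()) + 2]) + user.encode()
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + bytes(16) + attrs

SAMPLE = [  # constructed traffic, not from a real capture
    Pkt(1, "10.0.0.5", 40000, "10.0.0.1", 1812, build(1, 7, "UserID")),
    Pkt(2, "10.0.0.5", 40000, "10.0.0.1", 1812, build(1, 8, "other")),
    Pkt(3, "10.0.0.1", 1812, "10.0.0.5", 40000, build(3, 8)),
    Pkt(4, "10.0.0.1", 1812, "10.0.0.5", 40000, build(2, 7)),
]
```

Calling frames_for_user(SAMPLE, "UserID") selects frames 1 and 4: the Access-Request and the Access-Accept that answers it, even though the reply itself carries no User-Name.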