I hope someone can help me out with this issue I am facing. I had a question regarding Wireshark filters. I am trying to filter out packets according to "Subscriber ID". However this attribute is only present in the "Request" packets. The "Answer" packets correspnding to these requests do not contain "Subscriber ID" attribute. As a result I end up having the packets of type "Answer". I tried to find a common attribute between the "Request" and "Answer" packets so that I can filter both types (Request and Answer) according to it; however I was not able to.
My question is the following; is there a way by which I can apply a filter that also removes any related packets? (in that case it is supposed to remove any "Answer" packets)
I find the way I described the filter I need confusing, in case any clarifications is needed please inform me.
Thanks a lot for the support !
This question is marked "community wiki".
There is a workaround. First of all make a backup of the trace :D. Then list all the "Requests" according to the attribute you are searching for. Then "Edit" -> "Ignore All Displayed Packets". As a result all the "Answers" relating to these packets will be marked with a black color and then you can find out which answers are of importance to you.
answered 26 Jul '11, 02:44