I have a trace file from the Diameter protocol. My goal is to find all packets (either Answers or Requests) with the same hop-by-hop/end-to-end identifier. This identifier is being given for several hours, and it is unique for each Request-Answer pair of packets during this period of time. I suspect that there are some Requests, which have the same identifier and are very close to each other in time. Thanks in advance! Nick asked 21 Nov '11, 00:31  Nikolay edited 21 Nov '11, 15:04  helloworld |
2 Answers:
To find all Diameter packets with a given hop-by-hop identifier, use the display filter answered 21 Nov '11, 12:20  Guy Harris ♦♦ |
simply write a unix script, 1-in first step extract hop-by-hop id / end-to-end-id 2- in second step apply it as a read filter for extraction use awk/sed etc. it would help. did in my case. answered 04 Apr '14, 08:41  Sanny_D |
Thank you, but how can I find all the packets with the same identifiers - hop-by-hop, end-to-end or hbh/e2e combination?
What do you mean by "with the same identifiers"? What is the same as what?
I mean the different packets with the same identifier-value. I understand that this would be a mistake, but my goal is to find these mistaken packets, which are actually different, but have the same value of hop-by-hop or end-to-end identifiers. Do you follow me?
the answer is clear in the Guy Harrys comment. if you set the filter with hop by hop you will get 1 line. If you set the filter with end-to-end you will get the pair.