 | 1 | initial version |
(MATE can be very frustrating to work with)
From the WSUG 12.7.1. Attribute Value Pairs:
12.7.1.2. Value The value is a string. It is either set in the configuration (for configuration AVPs) or by MATE while extracting interesting fields from a dissection tree and/or manipulating them later. The values extracted from fields use the same representation as they do in filter strings.
Pdu smpp_pdu Proto smpp Transport mate {
Extract cmd From smpp.command_id;
Extract seq From smpp.sequence_number;
};
Gop smpp_session On smpp_pdu Match (seq) {
Start (cmd="0x00000004");
Stop (cmd="0x80000004");
};
Done
Output from the Wiki Sample Capture (smpp.cap (libpcap)):
MATE smpp_pdu:6->smpp_session:1
smpp_pdu: 6
smpp_pdu time: 28.922
smpp_pdu time since beginning of Gop: 0.00800896
smpp_pdu Attributes
cmd: 0x80000004
seq: 3
smpp_session: 1
GOP Key: seq=3;
smpp_session Attributes
seq: 3
smpp_session Times
smpp_session start time: 28.914
smpp_session hold time: 0.00800896
smpp_session duration: 0.00800896
smpp_session number of PDUs: 2
Start PDU: in frame: 9 (0.000000 : 0.000000)
Stop PDU: in frame: 10 (0.008009 : 0.008009)
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.