Getting blank data for e212.imsi field while using tshark
Hi I;m using tshark to filter some of the required fields, where as the field "e212.imsi" is giving blank data. can anyone please help.
There is a pcap attached to GTPv2: IMSI is decoded improperly. What do you get with:
Hi @Chuckc, used your test pcap, pasting the below out. $ tshark -r ./gtp.pcap -T fields -e e212.imsi -e e212.mcc -e e212.mnc 250,250,123 3,3,456
im using tshark on amazon linux2 box, and the tshark version is TShark 1.10.14
That's a really old version of tshark. If an upgrade package is not available you may have to build from source.
But when I try to update the package it say its the latest version.. $ sudo yum install wireshark Loaded plugins: extras_suggestions, langpacks, priorities, update-motd https://download.docker.com/linux/cen...: [Errno 14] HTTPS Error 404 - Not Found Trying other mirror. Package wireshark-1.10.14-24.amzn2.x86_64 already installed and latest version Nothing to do
Do you think I should use any other source. Thanks in advance..