Hello All,
How can i use tshark to filter diameter.User-Name in Wifi Registration scenario where the IMSI has a domain name I have an error message that the symbole "@" confuses the command
[XXXX@WHY-MKTA-1 ~]$ sudo tshark -n -s0 -i bond0.62 -R `"diameter.User-Name==0730030824540655@nai.epc.mnc003.mcc730.3gppnetwork.org"`
tshark: "@" was unexpected in this context.
Thanks
It seems to be a problem of quoting. Try:
sudo tshark -n -s0 -i bond0.62 -Y 'diameter.User-Name=="[email protected]"'
Also notice that I changed -R to -Y; otherwise this command fails as follows (at least with modern versions of tshark):
tshark: -R without -2 is deprecated. For single-pass filtering use -Y.
... and if you attempt to use -2R, you will get:
tshark: Live captures do not support two-pass analysis.
Thank you so much, was error due to the quoting .
[XXXX@WHY-MKTA-1 ~]$ sudo tshark -n -s0 -i bond0.56 -R 'diameter.User-Name=="[email protected]"'
Running as user "root" and group "root". This could be dangerous.
Capturing on bond0.56
51.742833267 172.16.12.8 -> 172.18.126.70 DIAMETER 670 cmd=Diameter-EAPRequest(268) flags=RP-- appl=Unknown(16777264) h2h=86b6010 e2e=57d9d866
51.953742978 172.18.126.70 -> 172.16.12.8 DIAMETER 490 cmd=Diameter-EAPAnswer(268) flags=-P-- appl=Unknown(16777264) h2h=86b6010 e2e=57d9d866
52.271521983 172.16.12.8 -> 172.18.126.70 DIAMETER 590 cmd=Diameter-EAPRequest(268) flags=RP-- appl=Unknown(16777264) h2h=186cb010 e2e=57d9d867
52.278289892 172.18.126.70 -> 172.16.12.8 DIAMETER 894 cmd=Diameter-EAPAnswer(268) flags=-P-- appl=Unknown(16777264) h2h=186cb010 e2e=57d9d867
^C4 packets captured
Asked: 2018-06-14 21:27:16 +0000
Seen: 359 times
Last updated: Jun 21 '18
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
