Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

asked 2022-04-21 14:34:07 +0000

Rev gravatar image

json export multiple fields

I have a captured structure package

[
  {
    "_index": "packets-2022-01-25",
    "_type": "doc",
    "_score": null,
    "_source": {
      "layers": {
        "frame": {
          "filtered": "frame"
        },
        "eth": {
          "filtered": "eth"
        },
        "ip": {
          "filtered": "ip"
        },
        "sctp": {
          "filtered": "sctp"
        },
        "s1ap": {
          "filtered": "s1ap"
        },
        "sctp": {
          "filtered": "sctp"
        },
        "s1ap": {
          "filtered": "s1ap"
        }
      }
    }
  }
]

command -T json -e s1ap.CellIdentity -e s1ap.ENB_UE_S1AP_ID -e s1ap.m_TMSI return

[
  {
    "_index": "packets-2022-01-25",
    "_type": "doc",
    "_score": null,
    "_source": {
      "layers": {
        "s1ap.CellIdentity": [
          "0x06eddd33",
          "0x06eddd34"
        ],
        "s1ap.ENB_UE_S1AP_ID": [
          "278442",
          "278472"
        ],
        "s1ap.m_TMSI": [
          "4195248394"
        ]
      }
    }
  }
]

how can I find out which layer belongs to "s1ap.m_TMSI": ["4195248394"]

perhaps there are ways to fill in fields in the absence of values?

json export multiple fields

I have a captured structure package

[
  {
    "_index": "packets-2022-01-25",
    "_type": "doc",
    "_score": null,
    "_source": {
      "layers": {
        "frame": {
          "filtered": "frame"
        },
        "eth": {
          "filtered": "eth"
        },
        "ip": {
          "filtered": "ip"
        },
        "sctp": {
          "filtered": "sctp"
        },
        "s1ap": {
          "filtered": "s1ap"
        },
        "sctp": {
          "filtered": "sctp"
        },
        "s1ap": {
          "filtered": "s1ap"
        }
      }
    }
  }
]

command -T json -e s1ap.CellIdentity -e s1ap.ENB_UE_S1AP_ID -e s1ap.m_TMSI return

[
  {
    "_index": "packets-2022-01-25",
    "_type": "doc",
    "_score": null,
    "_source": {
      "layers": {
        "s1ap.CellIdentity": [
          "0x06eddd33",
          "0x06eddd34"
        ],
        "s1ap.ENB_UE_S1AP_ID": [
          "278442",
          "278472"
        ],
        "s1ap.m_TMSI": [
          "4195248394"
        ]
      }
    }
  }
]

how can I find out which layer belongs to "s1ap.m_TMSI": ["4195248394"]

perhaps there are ways to fill in fields in the absence of values?

json export multiple fields

I have a captured structure package

[
  {
    "_index": "packets-2022-01-25",
    "_type": "doc",
    "_score": null,
    "_source": {
      "layers": {
        "frame": {
          "filtered": "frame"
        },
        "eth": {
          "filtered": "eth"
        },
        "ip": {
          "filtered": "ip"
        },
        "sctp": {
          "filtered": "sctp"
        },
        "s1ap": {
          "filtered": "s1ap"
        },
        "sctp": {
          "filtered": "sctp"
        },
        "s1ap": {
          "filtered": "s1ap"
        }
      }
    }
  }
]

command -T json -e s1ap.CellIdentity -e s1ap.ENB_UE_S1AP_ID -e s1ap.m_TMSI return

[
  {
    "_index": "packets-2022-01-25",
    "_type": "doc",
    "_score": null,
    "_source": {
      "layers": {
        "s1ap.CellIdentity": [
          "0x06eddd33",
          "0x06eddd34"
        ],
        "s1ap.ENB_UE_S1AP_ID": [
          "278442",
          "278472"
        ],
        "s1ap.m_TMSI": [
          "4195248394"
        ]
      }
    }
  }
]

how can I find out which layer belongs to "s1ap.m_TMSI": ["4195248394"]

perhaps there are ways to fill in fields in the absence of values?

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2