Hi All,
I am using pyshark (a Python wrapper for tshark) to analyse traffic capture files, and I ran into a problem around finding Diameter Common Messages request/answer pairs.
The Wireshark GUI helps to identify the answer to a specific Diameter request packet with the field called Answer In. The Request In field helps the other way around. See the Wireshark Diameter Protocol Display Filter Reference, diameter.answer_in and diameter.answer_to field names.
Using the above information makes it easy to construct display filters in the Wireshark GUI for selecting specific request/answer pairs. Unfortunately, when using the tshark CLI on the same capture file, this field seems to be missing.
tshark -r d:/test.pcapng -Y diameter.answer_in # Works in Wireshark GUI, not in tshark
What do I need to use these field names for filtering capture files with tshark?
My tshark version is: TShark (Wireshark) 2.9.0 (v2.9.0-0-gf4238cd2)
Many thanks, Bence
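Added example, not part of the original post and not Wireshark's or pyshark's code: a way to rebuild the request/answer mapping directly from the Diameter headers, using the Hop-by-Hop and End-to-End Identifiers and the R bit defined in RFC 6733. The function names, the connection id (assumed to be a direction-independent stream index supplied by the caller) and the sample frames are constructed for illustration.

```python
import struct

R_BIT = 0x80  # Command Flags bit: set on requests, clear on answers (RFC 6733)

def parse_header(msg: bytes) -> dict:
    """Decode the fixed 20-byte Diameter header."""
    if len(msg) < 20:
        raise ValueError("truncated Diameter header")
    ver_len, flags_code, app_id, hbh, e2e = struct.unpack("!IIIII", msg[:20])
    if ver_len >> 24 != 1:
        raise ValueError("not Diameter version 1")
    return {"length": ver_len & 0xFFFFFF,
            "request": bool((flags_code >> 24) & R_BIT),
            "code": flags_code & 0xFFFFFF,
            "app_id": app_id, "hbh": hbh, "e2e": e2e}

def pair_messages(frames):
    """frames: iterable of (frame_number, connection_id, raw_message).
    Returns (answer_in, answer_to), both keyed by frame number."""
    pending, answer_in, answer_to = {}, {}, {}
    for number, conn, raw in frames:
        h = parse_header(raw)
        key = (conn, h["hbh"], h["e2e"], h["code"])
        if h["request"]:
            pending[key] = number  # a retransmission replaces the older frame
        else:
            req = pending.pop(key, None)
            if req is not None:  # answers whose request is not in the capture stay unpaired
                answer_in[req] = number
                answer_to[number] = req
    return answer_in, answer_to

def build(code, hbh, e2e, request, app_id=0):
    """Construct a header-only Diameter message (sample data, no AVPs)."""
    flags = R_BIT if request else 0
    return struct.pack("!IIIII", (1 << 24) | 20, (flags << 24) | code, app_id, hbh, e2e)

# Constructed sample: (frame number, connection id, message bytes)
SAMPLE = [
    (1, 0, build(257, 0x11, 0xA1, True)),   # Capabilities-Exchange request
    (2, 0, build(257, 0x11, 0xA1, False)),  # its answer
    (3, 0, build(280, 0x12, 0xA2, True)),   # Device-Watchdog request, never answered
    (4, 1, build(280, 0x12, 0xA2, True)),   # same identifiers on another connection
    (5, 1, build(280, 0x12, 0xA2, False)),  # answer to frame 4, not to frame 3
    (6, 0, build(280, 0x99, 0xA9, False)),  # answer whose request was not captured
]

if __name__ == "__main__":
    print(pair_messages(SAMPLE))
```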