wireshark-users October 2010 archive
Main Archive Page > Month Archives  > wireshark-users archives
wireshark-users: Re: [Wireshark-users] display text representati

Re: [Wireshark-users] display text representation of ldap.filter in tshark

From: Alexander 'Leo' Bergolth <leo_at_nospam>
Date: Mon Oct 18 2010 - 07:44:20 GMT
To: wireshark-users@wireshark.org

On 10/18/2010 04:07 AM, Stephen Fisher wrote:
> On Thu, Oct 14, 2010 at 03:47:43PM +0200, Alexander 'Leo' Bergolth wrote:
>> Is there a way to display the text representation of an ldap
>> search-filter using tshark?
>>
>> I tried -e ldap.filter but this is only a 32 bit filter element (only
>> the first filter element). Is there another display filter or a
>> function that displays a human readable version of the whole
>> search-filter?
>
> The source code has a list of possible values for the ldap.filter
> number:
>
> { 0, "and" },
> { 1, "or" },
> { 2, "not" },
> { 3, "equalityMatch" },
> { 4, "substrings" },
> { 5, "greaterOrEqual" },
> { 6, "lessOrEqual" },
> { 7, "present" },
> { 8, "approxMatch" },
> { 9, "extensibleMatch" },
>
> Are these values you're trying to display? I don't think it's possible
> in tshark right now, although I thought I saw a request for that and
> possibly even work toward it not too long ago. Wireshark displays
> those text strings in the custom columns now.

Actually I was trying to display a string representation of the whole
search filter, not just the initial "search operator".

Something like the line that the "tshark -V" output displays for an ldap
search filter:

           Filter: (&(objectclass=wuDepartment)(departmentNumber=3789))

Cheers,
--leo
-- e-mail ::: Leo.Bergolth (at) wu.ac.at fax ::: +43-1-31336-906050 location ::: IT-Services | Vienna University of Economics | Austria ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users@wireshark.org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request@wireshark.org?subject=unsubscribe