From 111f9da4f5b46c79b2fe0584a60ba52539c21503 Mon Sep 17 00:00:00 2001 From: Harald Welte Date: Thu, 18 Dec 2025 15:03:40 +0100 Subject: [PATCH] pyshark_gsmtap: Adjust display filter for some wireshark versions On my debian unstable system with wireshark 4.6.2-3, the pyshark_gsmtap APDU source misses to report any ATRs, as those are not part of what's reported with the 'gsm_sim' display filter. This is due to wireshark.git commit bcd82e2370d18e20983b378d494964d89c191cef first part of the 4.6.0 release, which splits the ATR dissection into a separate sub-dissector. We cannot use the seemingly logical 'gsmtap.type == 4' instead, as old wireshark simply bypasses any output for the gsmtap header if the SIM sub-dissector is used. Hence, 'gsm_sim || iso7816.atr' is something compatible with older and newer wireshark versions. Change-Id: I53c1c8ed58a82c37cd4be4af3890af21da839e86 --- pySim/apdu_source/pyshark_gsmtap.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pySim/apdu_source/pyshark_gsmtap.py b/pySim/apdu_source/pyshark_gsmtap.py index e8f5d180..13562d98 100644 --- a/pySim/apdu_source/pyshark_gsmtap.py +++ b/pySim/apdu_source/pyshark_gsmtap.py @@ -84,5 +84,5 @@ class PysharkGsmtapPcap(_PysharkGsmtap): Args: pcap_filename: File name of the pcap file to be opened """ - pyshark_inst = pyshark.FileCapture(pcap_filename, display_filter='gsm_sim', use_json=True, keep_packets=False) + pyshark_inst = pyshark.FileCapture(pcap_filename, display_filter='gsm_sim || iso7816.atr', use_json=True, keep_packets=False) super().__init__(pyshark_inst)