Simplest Method to analyse a block
Which is the simplest method to analyze the output and find if a block of data is present. I am working on wireshark traces analysis and would like to check if a block of data is present in the trace. I tried adding analysis rule to check line by line but it is tedious when the number of lines increase. Is there a better way out?
I was thinking of block response but how to i evaluate presense of a block in the output. I need no data extraction, just a yes or no kind off analysis.
Hi,
By seeing the response, you can find out if there is any block or not. If a particular pattern is repeating it self again and again in the response, then you can treat one pattern as one block and do the block mapping for it. iTest will automatically do the block mapping for all the other similar responses.
Once you will do the block mapping, then iTest will automatically generate some queries which you can use in your analysis rule or even create some more queries using custom query. And it will be implemented for all the similar blocks, so you will not have to do analysis rule for each line.
Thanks for your reply..
I worked on block map analysis.. Have a few doubts in it..
I would like to have a customised failure message rather than the automated message that appears when a block is missing. Is this possible??
Secondly, is it possible to have a generic block defined using something like regular expressions so that it can automatically map any given structure invariable of the data content.
can you provide a sample response that you're trying to analyze?
Find below a sample block taken from the response..
7 1.484577 192.168.174.56 -> 192.168.170.194 SIP Request: REGISTER sip:sip.net
8 1.495584 192.168.170.194 -> 192.168.174.56 SIP Status: 401 Unauthorized (0 bindings)
9 1.512391 192.168.174.56 -> 192.168.170.194 SIP Request: REGISTER sip:sip.net
10 1.552003 192.168.170.194 -> 192.168.174.56 SIP Status: 200 OK (1 bindings)
These 4 lines iterate in the trace with different IP addresses.
My analysis is to search the trace and find out if such a call flow is present in the trace. I tried using block map but I am facing an issue.
I do not want my block mapping to bother about the data before the IP address because the line number is a variable. Currently for me when the line starts at 10, it returns an error stating expected a space instead of digit.
Also I would like to make it a generic map, something like I query the structure with the IP address or SIP id and it should return me status whether the block is available or not. Is this possible?
Hi hamadaltaf,
For the question "I would like to have a customised failure message rather than the automated message that appears when a block is missing. Is this possible??" , please find the below attachment..
You can customize the description in "DeclareExecutionIssue"
Hi Sreenath,
I get the method of customizing the error message but that is in the case of an analysis rule but considering my situation, i have a block response map which i am not able to query. But the map automatically generates a error message when it is not able to match with the sample response. I would like to modify that error message.
Thanks for the reply. The info will be useful in future.
Could you please attach the response map which you have created.
I would like to take a look and check where the issue is !!
Thanks,
Venkat
Hi Venkat,
Find attached my response map.
All i would like to have is a query that i can be use to identify the presence of a block in the response output. Let me know incase there is a better or an alternate way to do it.
Block map won't meet your needs. Block map is very strict. It needs to match every word and line of your response. It sounds like what you need is a pattern map.
You can create your own regular expression that matches anything you want. Since your response has the same structure for every line, if you're good at regular expression, you can come up with one expression that matches the item you're looking for on every line. The matching text in the blue box is a query that you can use in your test case.
Now I don't know which blocks or words you want to check the existence of. I created an example where the pattern matches the second IP address on every line.
I basically selected the IP address in the "Identifying text" text box. iTest automatically generated a regular expression for me based on my selection. I unchecked "automatically update definitions to main consistency", and modifed the anchors so that it matches the IP address on every line.
In my test case, I stored the response in a variable. On the next step, I use the query command to loop through each line and check that the IP address is equal to a certain value.
Hope this helps. See the attachments.
Thanks for that information...
I actually proceeded with using table mapping instead of pattern mapping and found a solution. Also used pattern matching in some places to extract some data.. I opened this thread to know in case there is a better way of analysing the response using block mapping which i had never tried.
Thanks for your reply.
