GIOP MATE for Wireshark

giop.mate

Pdu giop_pdu Proto giop Transport tcp/ip {
        Extract giop_addr From ip.addr;
        Extract giop_port From tcp.port;
		Extract giop_type From giop.type;
		Extract giop_request_id From giop.request_id;
		Extract giop_request_op From giop.request_op;
};

Gop giop_req On giop_pdu Match (giop_addr, giop_addr, giop_port, giop_port,giop_request_id) {
        Start (giop_type = 0);
        Stop (giop_type = 1);
		Extra (giop_request_op);
};

Gog giop_session {
	Member giop_req(giop_addr, giop_addr, giop_port, giop_port,giop_request_id );
	Extra (giop_request_op);
};

Done;

long_query.bat

if not exist GIOP mkdir GIOP
for %%P in (*.pcap) do tshark -o "mate.config: c:\data\quantel.mate" -R "mate.giop_session.Duration >= 1" -2 -r %%P -w GIOP\%%~nP.pcap
cd GIOP
SETLOCAL EnableDelayedExpansion
set myfiles=
IF [%1]==[] ( set FILTER=* ) else ( set FILTER=%1 )
IF [%2]==[] ( set OUTFILE=giop.pcapng ) else ( set OUTFILE=%2.pcapng )
for %%f in (%FILTER%) do set myfiles=!myfiles! "%%f"
rem Cmd /V:on /c 
mergecap.exe -w %OUTFILE% %myfiles%