Wireshark

  • Riverbed Technology
  • WinPcap
the world's foremost network protocol analyzer
  • Wireshark
    • About
    • Download
    • Blog
  • Get Help
    • Ask a Question
    • FAQs
    • Documentation
    • Mailing Lists
    • Online Tools
    • Wiki
    • Bug Tracker
  • Develop
    • Get Involved
    • Developer's Guide
    • Browse the Code
    • Latest Builds

Wireshark-users: [Wireshark-users] Counting packets with a matching payload

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next


From: "Scott Sheppard" <scott.sheppard@xxxxxxxxxxxxxxxxx>
Date: Wed, 6 Feb 2008 18:42:10 -0000

Hello 

I have a data set with 50,000 packets in it. Many of them have a TCP/IP
packet with a payload that follows a pattern. The pattern is a 1024 byte
payload with 55 aa 55 aa etc hex in it. I want to filter this data set and
count how many packets have this pattern it is. 

Any thoughts?

I can do this with a decode filter on my clearsight and Network Instruments
analyzers but I am stuck with how to do this in WS. 

Thanks

Scott Sheppard
ATT Labs
  • Follow-Ups:
    • Re: [Wireshark-users] Counting packets with a matching payload
      • From: Sake Blok
  • Prev by Date: Re: [Wireshark-users] Problem: i only sniff my own packets, not network packets
  • Next by Date: [Wireshark-users] Capture Filter Help
  • Previous by thread: Re: [Wireshark-users] Problem: i only sniff my own packets, not network packets
  • Next by thread: Re: [Wireshark-users] Counting packets with a matching payload
  • Index(es):
    • Date
    • Thread

Wireshark and the "fin" logo are registered trademarks of the Wireshark Foundation