Wireshark

  • Riverbed Technology
  • WinPcap
the world's foremost network protocol analyzer
  • Wireshark
    • About
    • Download
    • Blog
  • Get Help
    • Ask a Question
    • FAQs
    • Documentation
    • Mailing Lists
    • Online Tools
    • Wiki
    • Bug Tracker
  • Develop
    • Get Involved
    • Developer's Guide
    • Browse the Code
    • Latest Builds

Wireshark-users: [Wireshark-users] Can Wireshark to byte offset matching

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next


From: Alex Lee <Alex.Lee@xxxxxxxxxxxx>
Date: Fri, 8 Aug 2008 10:02:56 -0700

Can Wireshark perform byte offset matches like tcpdump does? For example, if I’m looking for something in the tcp options field, in tcpdump, to match against a hex value in that port of the tcp field, I’d do something like this:

 

# tcpdump …………. tcp[33:2]=0x4e10

 

If the captures are already taken in the WS cap format, is there a way I can use the _expression_ above? It seems like this isn’t the case but I thought I’d ask.


Alex Lee

 

  • Follow-Ups:
    • Re: [Wireshark-users] Can Wireshark to byte offset matching
      • From: Abhik Sarkar
  • Prev by Date: [Wireshark-users] bug in sub-allocator emem.c - guard pages cause unnecessary 'out of memory' condition
  • Next by Date: Re: [Wireshark-users] Unhandled exception (group=1, c ode=6), tshark with -e and -T parameters
  • Previous by thread: Re: [Wireshark-users] bug in sub-allocator emem.c - guard pages cause unnecessary 'out of memory' condition
  • Next by thread: Re: [Wireshark-users] Can Wireshark to byte offset matching
  • Index(es):
    • Date
    • Thread

Wireshark and the "fin" logo are registered trademarks of the Wireshark Foundation