Wireshark
the world's foremost network protocol analyzer
Wireshark-users: Re: [Wireshark-users] Can Wireshark to byte offset matching
From: "Abhik Sarkar" <sarkar.abhik@xxxxxxxxx>
Date: Sat, 9 Aug 2008 20:06:14 +0400
Hi Alex, You could try a display filter like this: tcp[offset_within_tcp:num_bytes]==4e:10 More examples in: http://wiki.wireshark.org/DisplayFilters HTH Abhik. On Fri, Aug 8, 2008 at 9:02 PM, Alex Lee <Alex.Lee@xxxxxxxxxxxx> wrote: > Can Wireshark perform byte offset matches like tcpdump does? For example, if > I'm looking for something in the tcp options field, in tcpdump, to match > against a hex value in that port of the tcp field, I'd do something like > this: > > > > # tcpdump …………. tcp[33:2]=0x4e10 > > > > If the captures are already taken in the WS cap format, is there a way I can > use the expression above? It seems like this isn't the case but I thought > I'd ask. > > Alex Lee > > > > _______________________________________________ > Wireshark-users mailing list > Wireshark-users@xxxxxxxxxxxxx > https://wireshark.org/mailman/listinfo/wireshark-users > >
- References:
- [Wireshark-users] Can Wireshark to byte offset matching
- From: Alex Lee
- [Wireshark-users] Can Wireshark to byte offset matching
- Prev by Date: Re: [Wireshark-users] Identifying application
- Next by Date: Re: [Wireshark-users] Empty Source and Destination Columns!
- Previous by thread: [Wireshark-users] Can Wireshark to byte offset matching
- Next by thread: [Wireshark-users] (no subject)
- Index(es):