On Nov 19, 2003, at 12:14 PM, Tony Scarola wrote:
> I am attempting my first Ethereal 0.9.16 packet capture and analysis
> (660,865 frames). Upon performing the protocol analysis, I have come
> across the protocol "Data" (Frame/Ethernet/Internet Protocol/Transmission
> Control Protocol/Data) as shown within "Protocol Hierarchy Statistics"
> screen, and cannot find any information as to its definition. I assume it
> refers to TCP data that does not match the "known" ports that Ethereal
> understands, but need to be sure.

It refers to anything that a given dissector, such as the TCP
dissector, doesn't find a dissector to handle, and dissects it as
"Data" instead. If it's under "Transmission Control Protocol", it
refers to TCP payload for traffic that isn't to or from a known port,
isn't matched by a heuristic dissector that runs atop TCP (ONC RPC, DCE
RPC, etc.), and isn't part of a conversation set up by another protocol
(e.g., something set up as RTP or RTCP by RTSP or SIP/SDP).

> Is there any way to build a filter to show only this TCP Data as
> described above?

"tcp && data" should work - although that'd also show packets if the
protocol running atop TCP *itself* had payload that it handed to a
subdissector, but couldn't find a subdissector and dissected it as
"Data".
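
Added example (not part of the original message and not Ethereal's code): a simplified Python model of the fallback described above, showing why "tcp && data" matches both payload nobody claimed and leftover payload under a protocol running atop TCP. The port table, the stand-in RPC heuristic, the HTTP body case, the lookup order and all sample segments are constructed assumptions.

```python
# Simplified model (an assumption, not Ethereal's source code) of how a TCP
# payload ends up labelled "data", and what "tcp && data" then matches.
PORT_DISSECTORS = {80: "http", 25: "smtp"}   # constructed sample port table

def looks_like_onc_rpc(payload):
    # Constructed stand-in heuristic: record mark, xid, msg_type=0 (call), rpcvers=2.
    return len(payload) >= 16 and payload[8:16] == b"\x00\x00\x00\x00\x00\x00\x00\x02"

HEURISTICS = [("rpc", looks_like_onc_rpc)]

def dissect_tcp(sport, dport, payload, conversations=None):
    """Return the protocol stack for one segment, e.g. ['tcp', 'data']."""
    stack = ["tcp"]
    if not payload:
        return stack                              # bare ACK: nothing to hand on
    conversations = conversations or {}
    proto = (conversations.get(frozenset((sport, dport)))   # set up by another protocol
             or PORT_DISSECTORS.get(sport)                  # known source port
             or PORT_DISSECTORS.get(dport))                 # known destination port
    if proto is None:                                       # heuristic dissectors
        proto = next((name for name, test in HEURISTICS if test(payload)), None)
    if proto is None:
        return stack + ["data"]                   # nobody claimed the payload
    stack.append(proto)
    # Constructed case: an HTTP body this model has no subdissector for.
    if proto == "http" and payload.partition(b"\r\n\r\n")[2]:
        stack.append("data")
    return stack

def matches_tcp_and_data(stack):
    # Display filter "tcp && data": both protocols occur somewhere in the frame.
    return "tcp" in stack and "data" in stack

def data_directly_on_tcp(stack):
    # Narrower check done outside the filter: "data" sits immediately above tcp.
    return stack[-2:] == ["tcp", "data"]

RPC_CALL = (b"\x80\x00\x00\x28" + b"\x00\x00\x00\x01" +
            b"\x00\x00\x00\x00" + b"\x00\x00\x00\x02" + bytes(24))
SAMPLES = [  # constructed segments: (sport, dport, payload, conversations)
    (40000, 80, b"GET / HTTP/1.0\r\n\r\n", None),
    (80, 40000, b"HTTP/1.0 200 OK\r\n\r\n\x00\x01\x02", None),
    (50000, 50001, b"\x01\x02\x03", None),
    (40002, 40003, RPC_CALL, None),
    (5004, 5006, b"\x80\x60\x00\x01", {frozenset((5004, 5006)): "rtp"}),
]

def classify_samples():
    return [dissect_tcp(*s) for s in SAMPLES]
```

In this model the second and third sample segments both satisfy "tcp && data", but only the third has "data" directly above TCP.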