We switch many millions of data packets daily to multiple
hosts. A small percentage of these packets have EBCDIC in the data
portion of the packet. The only way I have found to decode this is
through the “follow TCP stream”… but that doesn’t allow
me to use the “data contains” in the display filter. And the
stream is a persistent socket, so it’s quite large.
Is there a better way to use the display filter to find a
specific piece of EBCDIC data in a large capture file?
Would it make sense to have a configurable flag to allow
Wireshark to display the data as EBCDIC?
Thanks!
Dave
2008-01-14, 13:06:37
The information contained in this e-mail message and any attachments may be privileged and confidential. If the reader of this message is not the intended recipient or an agent responsible for delivering it to the intended recipient, you are hereby notified that any review, dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender immediately by replying to this e-mail and delete the message and any attachments from your computer.
|