Wireshark · Wireshark-users: Re: [Wireshark-users] Can Wireshark to byte offset matching

Wireshark-users: Re: [Wireshark-users] Can Wireshark to byte offset matching

From: "Abhik Sarkar" <sarkar.abhik@xxxxxxxxx>

Date: Sat, 9 Aug 2008 20:06:14 +0400

Hi Alex,

You could try a display filter like this:
tcp[offset_within_tcp:num_bytes]==4e:10

More examples in:
http://wiki.wireshark.org/DisplayFilters

HTH
Abhik.

On Fri, Aug 8, 2008 at 9:02 PM, Alex Lee <Alex.Lee@xxxxxxxxxxxx> wrote:
> Can Wireshark perform byte offset matches like tcpdump does? For example, if
> I'm looking for something in the tcp options field, in tcpdump, to match
> against a hex value in that port of the tcp field, I'd do something like
> this:
>
>
>
> # tcpdump …………. tcp[33:2]=0x4e10
>
>
>
> If the captures are already taken in the WS cap format, is there a way I can
> use the expression above? It seems like this isn't the case but I thought
> I'd ask.
>
> Alex Lee
>
>
>
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> https://wireshark.org/mailman/listinfo/wireshark-users
>
>

References:
- [Wireshark-users] Can Wireshark to byte offset matching
  - From: Alex Lee

Prev by Date: Re: [Wireshark-users] Identifying application
Next by Date: Re: [Wireshark-users] Empty Source and Destination Columns!
Previous by thread: [Wireshark-users] Can Wireshark to byte offset matching
Next by thread: [Wireshark-users] (no subject)
Index(es):
- Date
- Thread