Wireshark-users: Re: [Wireshark-users] find all tcp stream contain specific data

From: gilles garcia <gilles-garcia@xxxxxxxxxx>
Date: Wed, 11 Feb 2009 14:59:24 +0100
Sake,
 
Redecoding all communication as HTTP, the information which was in data is now in the "request URI".
I think it's not possible to find all complete TCP streams where there is this "request URI"?
 
 
Zoun69
 
2009/2/11 Sake Blok <sake@xxxxxxxxxx>
Hi Gilles,
 
You could use "follow tcp stream" after you have found the packet with "data.data contains <URL>". Or you could use the "conversation filter" option when you right-click in the packet-list.
 
Currently, there is no way to automatically display all complete TCP streams where a certain string appears anywhere within the stream (it is on my wishlist to implement though). This is because it would require a two-step filtering process (once to know which streams contain the packet and then a second run to filter these streams).
 
You could automate the process with tshark though...
 
Cheers,
Sake
----- Original Message -----
Sent: Wednesday, February 11, 2009 12:20 PM
Subject: Re: [Wireshark-users] find all tcp stream contain specific data

Hi Sake,
 
Thanks for your replies, but it doesn't work because the proxies' communication is not HTTP. It's just TCP.
The URL is contained in data.
I can apply the filter "data.data contains", but in this case I have just the packet which contains the good string.
I want all TCP streams where there is the string at some moment in data.
 
I don't know if I'm clear.
 
Excuse my English, I'm a French guy.
 
 
Regards
Zoun69 

2009/2/11 Sake Blok <sake@xxxxxxxxxx>
How about:
 
http contains "<URL-string>"
 
Cheers,
 
 
Sake
 
----- Original Message -----
Sent: Wednesday, February 11, 2009 11:18 AM
Subject: [Wireshark-users] find all tcp stream contain specific data

Hi,
 
I captured a lot of communication between 2 proxies and I'm looking, in the capture, for all communication which contains a specific URL in "data".
 
Do you know what filter I can use?
 
 
Thanks
Zoun69


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
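
The two-step process Sake describes can be automated with tshark along these lines. This is an added example, not part of the original thread; it assumes a current tshark where `-Y` takes the display filter, and the function names and the script name are made up for illustration.

```shell
#!/bin/sh
# Added example: two-pass extraction of whole TCP streams with tshark.
# Usage (script name is hypothetical):
#   sh streams.sh capture.pcap 'data.data contains "<URL>"' matched.pcap

# Pass 1: print the tcp.stream index of every packet matching the filter.
matching_streams() {  # $1 = capture file, $2 = first-pass display filter
    tshark -r "$1" -Y "$2" -T fields -e tcp.stream
}

# Read stream indexes on stdin (one per line; duplicates, blank lines and
# non-numeric lines are tolerated) and print a display filter of the form
# "tcp.stream==A or tcp.stream==B". Prints nothing when no index is given.
build_stream_filter() {
    awk '/^[0-9]+$/' | sort -n -u | awk '
        { printf "%stcp.stream==%s", (n++ ? " or " : ""), $1 }
        END { if (n) print "" }'
}

# Pass 2: write every packet of the matching streams to a new capture.
extract_streams() {  # $1 = input, $2 = first-pass filter, $3 = output
    filter=$(matching_streams "$1" "$2" | build_stream_filter)
    [ -n "$filter" ] || { echo "no stream matched" >&2; return 1; }
    tshark -r "$1" -Y "$filter" -w "$3"
}

# Run only when called with the three arguments shown in the usage line.
if [ "$#" -eq 3 ]; then extract_streams "$@"; fi
```

The first pass still matches packet by packet, so a string split across two TCP segments is not found. After redecoding as HTTP, the first-pass filter can be an HTTP one instead of `data.data contains`.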

