Wireshark-users: Re: [Wireshark-users] Hex Offset Needed

From: "Sheahan, John" <John.Sheahan@xxxxxxxxxxxxx>
Date: Mon, 1 Mar 2010 19:36:23 -0500

Another way for me  to track this problem down is for me to sniff all Safari browsers on MAC’s using HTTP coming into our webservers.

 

I will need to create a filter using the offset values for:

 

HTTP_USER_AGENT=Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_4_11; en)

 

Can anyone help me this together?

 

Thanks

 

john

 

 

 

From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Sheahan, John
Sent: Monday, March 01, 2010 5:38 PM
To: 'Community support list for Wireshark'
Subject: [Wireshark-users] Hex Offset Needed

 

I am trying to troubleshoot an HTTP problem where the StatusCode=0 in the HTTP header.


I need to capture packets containing this parameter but since I am doing it on a Netscout probe, I have no way to figure out the offset of this in a packet.

 

Can anyone tell me what hex offset I would need to put in as a filter to capture these packets?

 

Thanks

 

John