
How can I search within data, specifically in the TCP segment data?

asked 2019-10-18 21:56:40 +0000

jmeg8237

I've completed the original task I started out trying to accomplish (dissecting four customer captures, looking for one particular packet in each one), but I'm trying to learn from the experience and understand if there's a more effective way of filtering packets. I was looking for a specific string that appears in the TCP segment data. When I Googled, I found a search field for data-text-lines but this does NOT return the packet I'm trying to find, and I can't tell where in the packet that field actually searches for. But it was not what I needed.

So I'm trying to figure out if there's a way of searching in that specific field. If I start by typing "tcp" into the filter field, it shows a few options (tcp.port, tcpcl, tcpencap, and tcpros), but none of them look like they would apply, nor does <filtername> contains "data_string"> return the one packet with the correct string I need.

Anybody have any suggestions on how to accomplish this?


answered 2019-10-18 23:31:41 +0000

Chuckc

https://ask.wireshark.org/question/11...
"For TCP, there is the field tcp.payload which is the TCP segment (payload) of the packet, regardless of the upper layer protocol." - SYN-bit
https://www.wireshark.org/docs/man-pa...
Also possible to search the entire frame - frame contains "http"

And in the Wireshark GUI, select Edit -> Find Packet...
Change Display Filter to String or Regular Expression, then change Packet List to Packet Bytes.

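Added example, not part of the original thread or of Wireshark: a small Python sketch of what the two filters in the answer compare against, searching only the TCP segment data (as `tcp.payload contains` does) versus the whole frame (as `frame contains` does). It assumes a classic little-endian pcap with Ethernet/IPv4 frames, no VLAN tags and no stream reassembly; the function names and the sample capture are constructed for illustration.

```python
import struct

def frames(pcap: bytes):
    """Yield (packet_number, frame_bytes) from a classic little-endian pcap, Ethernet link type."""
    magic, _maj, _min, _tz, _sig, _snap, linktype = struct.unpack_from("<IHHiIII", pcap, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected little-endian classic pcap with Ethernet frames")
    offset, number = 24, 0
    while offset + 16 <= len(pcap):
        caplen = struct.unpack_from("<I", pcap, offset + 8)[0]
        number += 1
        yield number, pcap[offset + 16 : offset + 16 + caplen]
        offset += 16 + caplen

def tcp_payload(frame: bytes):
    """Return the TCP segment data of an Ethernet/IPv4/TCP frame, or None if it is not one."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00":   # IPv4 ethertype, no VLAN tag
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[9] != 6:                                        # IP protocol 6 = TCP
        return None
    total_len = struct.unpack_from("!H", ip, 2)[0]
    tcp = ip[ihl:total_len]                               # cut off Ethernet padding
    if len(tcp) < 20:
        return None
    return tcp[(tcp[12] >> 4) * 4:]                       # skip header plus TCP options

def find_packets(pcap: bytes, needle: bytes, payload_only: bool = True):
    """Packet numbers where needle occurs in the TCP payload (or anywhere in the frame)."""
    hits = []
    for number, frame in frames(pcap):
        haystack = tcp_payload(frame) if payload_only else frame
        if haystack is not None and needle in haystack:
            hits.append(number)
    return hits

def sample_pcap(payloads):
    """Constructed capture: one TCP segment per payload, 192.0.2.1 -> 192.0.2.2 port 80."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for data in payloads:
        tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 5 << 4, 0x18, 1024, 0, 0) + data
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                         bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
        frame = b"\x02" * 6 + b"\x06" * 6 + b"\x08\x00" + ip + tcp
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

SAMPLE = sample_pcap([b"GET / HTTP/1.1\r\n", b"session=data_string;", b""])
```

A payload-only search avoids false hits on bytes that occur only in the Ethernet, IP or TCP headers, which a whole-frame search will match.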
