1 | initial version |
I have investigated more in deep for this problem. The major problem is DRDA protocol is much more complicated and does not actually have fixed number of characters since TCP header. It is so not possible to write capture filter to get anything meaningful, except to have big luck to get few of the packets captured this way, but most of them not captured at all.
Conclusion, using offset for capturing DRDA protocol is not meaningful, because DRDA headers change from packet to packet.