packet contains string
So let's say I send a message to a friend on Steam, e.g. "Hello, ignore this message". Using Wireshark I would then like to search for the packet containing that string, and extract the destination IP address. I have already tried using the filter: (tcp contains "the message...") or (udp contains "the message..."). But currently no packets are being displayed at all. So how would I go about doing this? Any answers much appreciated, thank you.
Maybe the message is encrypted, in which case you won't be able to match packets with that string until you decrypt it. What protocol carries the message? Perhaps you could share a sample pcap file?
"What protocol carries the message?" Unfortunately Steam don't specify the port or protocol used by client chat here. "Share a sample pcap file?" I'm not sure how to upload the file, there does not appear to be an upload button anywhere.
You can upload a sample pcap file to any online file sharing service, such as cloudshark, pcapr, drive, dropbox, pastebin, ..., although not all of these are accessible for everyone from every corporate environment, at least not from my corporate environment. I would suggest cloudshark, except that they only provide a free 30-day trial; after that you can't even access your own uploaded pcap files anymore. Maybe try https://pcapr.net/home first if you don't want to worry about expiring accounts on cloudshark?
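What the (tcp contains "...") or (udp contains "...") filter from the question amounts to on raw bytes, and why a payload that is not sent in cleartext gives no match, shown as an added example that is not part of the original thread. The names find_payload, _frame and sample_pcap are hypothetical, and the capture is constructed in memory with documentation-range addresses and arbitrary ports; only classic pcap files with Ethernet/IPv4 frames are handled, and only the payload after the TCP/UDP header is searched.

```python
import socket, struct

def find_payload(pcap: bytes, needle: bytes):
    """Return (src, dst, proto) for each IPv4 TCP/UDP packet whose payload holds needle."""
    magic = struct.unpack("<I", pcap[:4])[0]
    if magic not in (0xA1B2C3D4, 0xD4C3B2A1):
        raise ValueError("not a classic pcap file")
    end = "<" if magic == 0xA1B2C3D4 else ">"  # byte order of the file headers
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    hits, off = [], 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4
        ip = frame[14:]
        ihl, proto = (ip[0] & 0x0F) * 4, ip[9]
        l4 = ip[ihl:struct.unpack("!H", ip[2:4])[0]]
        if proto == 6 and len(l4) >= 20:
            payload = l4[(l4[12] >> 4) * 4:]  # skip TCP header (data offset)
        elif proto == 17 and len(l4) >= 8:
            payload = l4[8:]  # skip UDP header
        else:
            continue
        if needle in payload:  # byte-for-byte match on what went over the wire
            hits.append((socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20]),
                         "tcp" if proto == 6 else "udp"))
    return hits

def _frame(proto, src, dst, payload):
    # Constructed Ethernet/IPv4 frame; ports are arbitrary, checksums left at zero.
    if proto == 17:
        l4 = struct.pack("!HHHH", 50000, 50001, 8 + len(payload), 0) + payload
    else:
        l4 = struct.pack("!HHIIBBHHH", 50000, 50001, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x02" * 12 + b"\x08\x00" + ip + l4

def sample_pcap(msg=b"Hello, ignore this message"):
    # Constructed: cleartext UDP packet, then TCP packet XOR-scrambled as a stand-in for ciphertext.
    frames = [_frame(17, "192.0.2.10", "198.51.100.7", b"\x01\x02" + msg),
              _frame(6, "192.0.2.10", "203.0.113.9", bytes(b ^ 0x5A for b in msg))]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out
```

Calling find_payload(sample_pcap(), b"Hello, ignore this message") reports only the cleartext UDP packet and its destination address; the scrambled TCP packet carries the same message but never matches.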