Using sharkd to search through packets

asked 2023-06-20 06:02:14 +0000

otr gravatar image

updated 2023-06-20 10:12:11 +0000

Sharkd implements many features of Wireshark, but I didn't find a way to search through packets like CTRL+F does in the UI. Is this possible?

edit retag flag offensive close merge delete

Comments

CTRL+S saves the file. Did you mean CTRL+F or CTRL+G?

Chuckc gravatar imageChuckc ( 2023-06-20 08:42:37 +0000 )edit

Yes, you are right, I meant CTRL+F

otr gravatar imageotr ( 2023-06-20 10:11:24 +0000 )edit

Can you work with the list output from a frames request?

Chuckc gravatar imageChuckc ( 2023-06-20 14:39:35 +0000 )edit

I think that approach might work for display filters, but when it comes to string search or hex search, it seems like there would be an excessive amount of data that I would need to send to the client in order to sift through the packets.

otr gravatar imageotr ( 2023-06-20 15:01:06 +0000 )edit

https://www.wireshark.org/docs/wsug_h...
See "6.4.2.2. Some Examples" for searches on hex bytes and strings.
A display filter on frame contains "foo" does a string search.

{"jsonrpc":"2.0", "id":1, "method":"frames", "filter":"frame contains \"hel\""}
Chuckc gravatar imageChuckc ( 2023-06-20 15:08:47 +0000 )edit
see more comments