This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Wireshark filters

0

Hi,I have one socket chat program and I want capture their traffic, I want write a filter that can capture based on special text ,for example if they said "hi" ,wireshark capture it . please help me to write this filtering .

asked 26 Mar '16, 04:01

Eli's gravatar image

Eli
6112
accept rate: 0%

edited 20 Jul '16, 15:44

cmaynard's gravatar image

cmaynard ♦♦
9.4k1038142


One Answer:

1

In the unlikely case of your chat traffic being un-encrypted the filter would be

frame contains "hi" or frame contains "Hi"

but I have doubts that his is the case. If it is TLS encrypted you cannot see the plain text data and therefore cannot filter on the content of the encrypted packets.

Regards Matthias

answered 26 Mar '16, 09:16

mrEEde's gravatar image

mrEEde
3.9k152270
accept rate: 20%