I have a network capture that contains DICOM data.
My question is: Shouldn't I be able to use the filter: dicom contains "C-MOVE-RQ" to show only packets that have a DICOM header containing that string? I would think the answer is yes. Yet, I can not use that filter to show only those packets. Any thoughts out there on this?
asked 19 Apr, 11:00
The DICOM dissector doesn't provide a field for command values.
A workaround can be to use the hex bytes of the C-MOVE-RQ command (0x0021) in the display filter.
Please be aware of the endianness of the capture. So a
If this lists too much packets prepending the hex bytes of the Unsigned Short can help.
answered 19 Apr, 11:44