This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Data filter by byte not string

0

Hello All,

I want to search on the Data field of a TCP packet where I can search on a data byte pattern not a data string, Is this possible, if so how?

Regards

B

asked 13 Sep '11, 09:14

Baz's gravatar image

Baz
31224
accept rate: 0%

edited 13 Sep '11, 10:16

helloworld's gravatar image

helloworld
3.1k42041


One Answer:

1

Yes, you can use display filter syntax to search for a particular byte sequence. Here's an example display filter to find {A1,B2,C3,D4} anywhere in tcp.data:

tcp.data contains A1:B2:C3:D4

answered 13 Sep '11, 10:15

helloworld's gravatar image

helloworld
3.1k42041
accept rate: 28%