-
Wireshark display filters
Google hasn't helped much here.
Looking to compare a bunch of Ethernet packets payloads, so I've captured the data required with Wireshark and plan to export the captures to a text file for comparison. I can't get a display filter to properly filter out 100% of just the payloads. Filtering by tcp.segment_data gets fairly close, but there's other data in the exchange that Wireshark 'helpfully' interprets for the user (eg: UDP, Skype etc) and tcp.segment_data doesn't show those, and thus when exporting it misses those packets.
If I filter just using 'data' - this doesn't show the payload, rather, it just flags the presence or not of a payload.
Any ideas?
-
Ah! "data.data" is the filter I needed.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
Bookmarks