How to write a filter in Wireshark/Ethereal that displays only packets with a specific string

wireshark

Wireshark supports filters like this:

ip.addr == 192.168.0.1

What is the syntax to check the packet content?

(C# equivalent of what I want)

content.Contains("whateverYouWant")

Best Answer

There seems not to be an generic way of doing this. The filter you need to apply is dependent on the protocol you are listening for. Try looking at the filter list at http://www.wireshark.org/docs/dfref/.

Related Solutions

How to filter those TCP packets on Wireshark/Ethereal

I found the answer:

tcp.flags.push == 1

How to limit packet capturing in Wireshark to only a specific protocol

In the filter field enter tcp.port eq 8080

Ref.: Wireshark: Help -> Manual pages -" Wireshark Filter ...

As far as I know this is an alternate HTTP port in TCP only:

HTTP alternate (http_alt)—commonly used for Web proxy and caching server, or for running a Web server as a non-root user and Apache Tomcat in TCP only

Ref.: http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

Hope this help. Let us know. :)

Best Answer

Related Solutions

How to filter those TCP packets on Wireshark/Ethereal

How to limit packet capturing in Wireshark to only a specific protocol

Related Question