Hey, I can detect CFLOW messages in Wireshark and they have the information I need, like the src address, dest address etc., but when I do Follow UDP Stream the output in ASCII is characters like these ".J.B......2........" for example. So does anyone know if there is a way to decode these characters to get something useful out of them? Thank you!
asked 13 Sep '12, 23:08 remit
One Answer:
"Follow TCP Stream" and "Follow UDP Stream" serve two purposes. The main purpose is to show a simple display of text-based protocols; a secondary purpose is that they also filter the display to show the packets in a given TCP or UDP conversation. The first of those purposes is not useful for non-text-based protocols. For non-text-based protocols, you just use the packet dissection, as shown in the packet summary and packet details pane. The ASCII characters - or rather the raw bytes corresponding to them - are decoded by the Wireshark dissectors.
answered 01 Nov '12, 12:08 Guy Harris
If you find out, I would love to know as well!
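
What a dissector does with those raw bytes, as an added example that is not part of the original thread and not Wireshark's own code. It assumes the export is NetFlow v5 (the thread does not name the version), and the sample datagram is constructed.

```python
import ipaddress
import struct

# NetFlow v5 fixed layout (assumed version; the thread does not say which one).
HEADER = struct.Struct("!HHIIIIBBH")                 # 24 bytes
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")   # 48 bytes


def ascii_view(data: bytes) -> str:
    """Render bytes as a raw ASCII stream view does: non-printables become '.'."""
    return "".join(chr(b) if 32 <= b < 127 else "." for b in data)


def parse_v5(datagram: bytes) -> list[dict]:
    """Decode one NetFlow v5 export datagram into a list of flow dicts."""
    if len(datagram) < HEADER.size:
        raise ValueError("truncated header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("record count exceeds datagram length")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": str(ipaddress.IPv4Address(f[0])),
            "dst": str(ipaddress.IPv4Address(f[1])),
            "packets": f[5], "octets": f[6],
            "src_port": f[9], "dst_port": f[10], "proto": f[13],
        })
    return flows


# Constructed sample: one TCP flow 192.0.2.10:51514 -> 198.51.100.20:443.
SAMPLE = HEADER.pack(5, 1, 123456, 1347577680, 0, 42, 0, 0, 0) + RECORD.pack(
    ipaddress.IPv4Address("192.0.2.10").packed,
    ipaddress.IPv4Address("198.51.100.20").packed,
    bytes(4), 1, 2, 10, 4200, 120000, 123000, 51514, 443,
    0, 0x1B, 6, 0, 0, 0, 24, 24, 0)

if __name__ == "__main__":
    print(ascii_view(SAMPLE))      # mostly dots, like the Follow UDP Stream output
    for flow in parse_v5(SAMPLE):
        print(flow)
```

The same bytes that print as dots in the ASCII view carry the addresses, ports and counters once they are read as fixed-width binary fields.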