This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Dear all,

I am new in packet sniffing and processing.

I would like to ask you if there is an easy way to filter packets according to their content.

For example if payload consists of temperature data, do you think that a query such that (if data > 30deg) is possible?

Thank you in advance

asked 22 Jan '13, 03:18

Foued's gravatar image

Foued
1113
accept rate: 0%


Data is just that, raw data. To give it meaning, like temperature in degrees Celsius, you either:

  • Create a display filter which selects part of the data, which you then give meaning.
  • Create a dissector to make the interpretation of the data, and present it to the user.

For example, if you know that the byte you want to look at (the temp) is at offset 10 from the start of the data payload, and you know the data is the temperature in degrees, then you can use data.data[10:1] > "\x1e" to filter them out.

permanent link

answered 22 Jan '13, 04:01

Jaap's gravatar image

Jaap ♦
11.7k16101
accept rate: 14%

Look here Filter packets

permanent link

answered 22 Jan '13, 07:17

Ewgenijkkg's gravatar image

Ewgenijkkg
668915
accept rate: 60%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×122
×9
×7

question asked: 22 Jan '13, 03:18

question was seen: 5,067 times

last updated: 22 Jan '13, 07:17

p​o​w​e​r​e​d by O​S​Q​A