This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Extraction of packet content

0

Dear all,

I am new to packet sniffing and processing.

I would like to ask you if there is an easy way to filter packets according to their content.

For example, if the payload consists of temperature data, do you think that a query such as (if data > 30deg) is possible?

Thank you in advance

asked 22 Jan '13, 03:18

Foued
accept rate: 0%


2 Answers:

2

Data is just that, raw data. To give it meaning, like temperature in degrees Celsius, you either:

  • Create a display filter which selects part of the data, which you then give meaning.
  • Create a dissector to make the interpretation of the data, and present it to the user.

For example, if you know that the byte you want to look at (the temp) is at offset 10 from the start of the data payload, and you know the data is the temperature in degrees, then you can use data.data[10:1] > "\x1e" to filter them out.

answered 22 Jan '13, 04:01

Jaap ♦
accept rate: 14%
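
The second option in the answer above (a dissector that gives the byte a meaning) can be sketched as a small Wireshark Lua script. This is an added example, not code from the answer: the protocol name `sensortemp`, the field name `sensortemp.celsius` and UDP port 5005 are hypothetical, and it assumes the temperature is a single unsigned byte in degrees at offset 10 of the payload, as in the answer's scenario.

```lua
-- sensortemp.lua: added example, all names and the port are hypothetical.
-- Assumption: the sensor sends UDP datagrams to port 5005 and byte 10 of
-- the payload holds the temperature in whole degrees as an unsigned value.
local SENSOR_UDP_PORT = 5005   -- hypothetical port, change to match the capture
local TEMP_OFFSET     = 10     -- offset of the temperature byte in the payload

local sensortemp = Proto("sensortemp", "Sensor Temperature (example)")

-- A named, typed field is what makes numeric display filters possible.
local f_celsius = ProtoField.uint8("sensortemp.celsius",
                                   "Temperature (deg C)", base.DEC)
sensortemp.fields = { f_celsius }

function sensortemp.dissector(tvb, pinfo, tree)
    -- Truncated or unrelated payloads: decline, so the bytes stay plain "data".
    if tvb:len() <= TEMP_OFFSET then
        return 0
    end

    local temp_range = tvb(TEMP_OFFSET, 1)

    pinfo.cols.protocol = "SENSORTEMP"
    pinfo.cols.info = string.format("Temperature: %d deg C", temp_range:uint())

    local subtree = tree:add(sensortemp, tvb(), "Sensor Temperature (example)")
    subtree:add(f_celsius, temp_range)

    -- Number of bytes consumed by this dissector.
    return tvb:len()
end

-- Hand every UDP payload on the chosen port to the dissector above.
DissectorTable.get("udp.port"):add(SENSOR_UDP_PORT, sensortemp)
```

Load it with `-X lua_script:sensortemp.lua` (or from the personal plugins directory); the display filter `sensortemp.celsius > 30` then selects the packets by decoded value rather than by raw byte comparison.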

1

Look here: Filter packets

answered 22 Jan '13, 07:17

Ewgenijkkg
accept rate: 60%