When I wireshark, the packets do not always arrive at the server in the sequence in which they were generated. This means that if I filter by the date of arrival at the server, I may also get older packets that I do not want and miss new packets that are required. I could use the information in the info field to get the correct sequence of packets but don't know how to do this. Is there a method to extract time text from the data payload and use it to filter (similar to frame.time)?
asked 07 Apr '15, 03:59 seanj
One Answer:
In general, no, as most packets do not have the time the packet was sent as part of the packet data, as most protocols do not include that in the packet.
answered 07 Apr '15, 20:43 Guy Harris ♦♦
Thanks Guy, however the packets I am interested in all have a date in the data payload. I have performed this operation to some degree using a high-level programming language, but it would be handier if I could just filter the info I need in Wireshark. If it can't be done, it can't be done...
If you know your protocol, you could write a Lua dissector that hands you this information you can filter on.
That would be a dissector then. You can create a plain text (WSGD), Lua or a traditional C dissector.
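A sketch of the Lua route suggested in the comments, as an added example that is not code from any poster in this thread: a post-dissector that finds a timestamp in the packet bytes and publishes it as a filterable time field. The thread does not describe the payload, so the `YYYY-MM-DD HH:MM:SS` UTC text format and the `paytime.*` field names are assumptions.

```lua
-- Added example: post-dissector exposing a payload timestamp as filterable fields.
-- Assumption (not stated in the thread): the payload carries an ASCII UTC
-- timestamp formatted "YYYY-MM-DD HH:MM:SS". Adjust PATTERN to the real layout.
local PATTERN = "(%d%d%d%d)%-(%d%d)%-(%d%d) (%d%d):(%d%d):(%d%d)"

local p = Proto("paytime", "Payload timestamp (example)")
local f_text  = ProtoField.string("paytime.text", "Timestamp text")
local f_time  = ProtoField.absolute_time("paytime.time", "Payload time", base.UTC)
local f_delay = ProtoField.double("paytime.delay", "Capture time minus payload time (s)")
p.fields = { f_text, f_time, f_delay }

-- Convert a UTC calendar date to Unix seconds without os.time(), which
-- would apply the analyst workstation's local timezone.
local function utc_epoch(y, mo, d, h, mi, s)
    if mo <= 2 then y = y - 1; mo = mo + 12 end
    local days = 365 * y + math.floor(y / 4) - math.floor(y / 100)
               + math.floor(y / 400) + math.floor((153 * (mo - 3) + 2) / 5)
               + d - 719469
    return days * 86400 + h * 3600 + mi * 60 + s
end

function p.dissector(tvb, pinfo, tree)
    local raw = tvb:raw()                      -- whole frame as a binary-safe string
    local first, last, y, mo, d, h, mi, s = raw:find(PATTERN)
    if not first then return end               -- no timestamp in this frame
    y, mo, d, h, mi, s = tonumber(y), tonumber(mo), tonumber(d),
                         tonumber(h), tonumber(mi), tonumber(s)
    -- Reject digit runs that only look like a date.
    if mo < 1 or mo > 12 or d < 1 or d > 31 or h > 23 or mi > 59 or s > 59 then
        return
    end
    local epoch = utc_epoch(y, mo, d, h, mi, s)
    -- Lua strings are 1-based, Tvb offsets are 0-based.
    local range = tvb:range(first - 1, last - first + 1)
    local sub = tree:add(p, range, "Payload timestamp")
    sub:add(f_text, range)
    sub:add(f_time, range, NSTime.new(epoch, 0))
    -- Large or negative delays flag late, reordered or back-dated packets.
    sub:add(f_delay, pinfo.abs_ts - epoch):set_generated()
end

register_postdissector(p)
```

Saved as `paytime.lua` (a name chosen here) and loaded with `-X lua_script:paytime.lua`, it allows filters such as `paytime.time >= "2015-04-07 03:59:00"`, and adding `paytime.time` as a column lets the packet list be sorted by generation time rather than arrival time.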