This is our old Q&A Site. Please post any new questions and answers at

Hi I am trying to use WireShark to capture packets that being transmitted between server to and the respond coming from to to each request.

I used the following filter to narrow down the results

http && ( (ip.dst == ) || (ip.dst ==  ) ) && frame.time > "2015-09-02 13:00:40.0000"  && frame.time < "2015-09-02 13:20:50.0000" && http.response.code !=  200 && http.response.code !=  201 && http.response.code !=  202

All I am looking for is a packet that contains the following string in its respond body

A session cookie was expected in the request, but not found.

But I can't find a way to see the message body unless I right click on each packet and select "Follow TCP Stream."

How to filter down the results based on a part of the message body?

asked 02 Sep '15, 16:46

Mike%20A's gravatar image

Mike A
accept rate: 0%

edited 02 Sep '15, 16:47

Did you try display filter tcp contains "cookie was expected" ?

permanent link

answered 02 Sep '15, 21:59

mrEEde's gravatar image

accept rate: 20%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 02 Sep '15, 16:46

question was seen: 27,288 times

last updated: 02 Sep '15, 21:59

p​o​w​e​r​e​d by O​S​Q​A