I've captured some http packets and want to find out which ones contain some string. I use "Edit->Find Packet" with "Packet bytes" option selected, but it doesn't find anything because the data is compressed (Content-Encoding: gzip). When I search in "Packet details", it doesn't find everything because some lines are too long and get truncated. Is there any way to search in uncompressed packet bytes? asked 08 Oct '11, 11:56 humanista |
One Answer:
My first suggestion would have been to use "http contains <xxx>", but "http" only points to the compressed data. Digging a little deeper gives me a second suggestion that does seem to work. The uncompressed data is put in a new TVB and in the packet-details pane the dissection is listed under "data-text-lines". So you can use the (search or display) filter:
Hope this works for you! answered 09 Oct '11, 00:43 SYN-bit ♦♦ |
'http and data-text-lines contains "string"' works perfectly. Thank you very much!
(converted your "answer" to a "comment" please see the FAQ for details)