Wireshark · Wireshark-users: [Wireshark-users] Filtering on fields in tunnel headers

Wireshark-users: [Wireshark-users] Filtering on fields in tunnel headers

From: Martin Isaksson <martin.isaksson@xxxxxxxxxxxx>

Date: Tue, 11 Sep 2012 23:30:38 +0200

Hi all!

If I have a packet with protocols like eth:vlan:ip:udp:gtp:ip:tcp, is there a way to filter in one of the IP headers only?

I know I can do frame[22:2] == D4:DD (here IP ID of first IP header), but it's not very dynamic, so if for some reason the bytes are in different places, this would fail.

Another work-around I've tried is to list one of the IP IDs with tshark and grep.

Thanks,

Martin

Follow-Ups:
- Re: [Wireshark-users] Filtering on fields in tunnel headers
  - From: Jaap Keuter

Prev by Date: Re: [Wireshark-users] Can't decrypt "snakeoil2" sample SSL session from wiki
Next by Date: [Wireshark-users] Reason for RTP Pb?
Previous by thread: Re: [Wireshark-users] Can't decrypt "snakeoil2" sample SSL session from wiki
Next by thread: Re: [Wireshark-users] Filtering on fields in tunnel headers
Index(es):
- Date
- Thread