On Wed, Feb 06, 2008 at 06:42:10PM -0000, Scott Sheppard wrote:
>
> I have a data set with 50,000 packets in it. Many of them have a TCP/IP
> packet with a payload that follows a pattern. The pattern is a 1024 byte
> payload with 55 aa 55 aa etc hex in it. I want to filter this data set and
> count how many packets have this pattern it is.
>
> Any thoughts?
You could use a display filter to select the frames and then use
statistics (or the status bar) to count the amount of filtered
frames.
To build a displayfilter matching these packets, make sure the protocol
that contains these 55aa55aa paterns is disabled (Analyze -> Enabled Protocols).
This way, tcp will hand of dissection to the data dissector.
Double-click on "data (xxx bytes)" in the packet details pane. Then
rightclick on "Data: 55aa55aa55aa55..." and select "Apply as Filter ->
Selected".
That should do the trick :-)
Cheers,
Sake
_______________________________________________
Wireshark-users mailing list
Wireshark-users@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-users
