Configuring substring operator filters

Offset filters are filters in which you say, "Go to field x in the protocol header and check whether the next y bytes are equal to…".

These filters are useful whenever a known byte string appears somewhere in the packet and you want to display the packets that contain it.

Getting ready

To step through this recipe, you will need Wireshark running and a running capture; there are no other prerequisites. The general representation for offset filters is:

Protocols[x:y] == <value>

Here, x is the offset in bytes from the beginning of the header, and y is the number of bytes to check.
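The following is an added example, not code from the book or from Wireshark: a small Python model of what `proto[x:y] == value` checks, run over two constructed Ethernet frames. The helper names, the sample frames and the two filters in the comments (`eth[0:3] == 01:00:5e` and `ip[16:1] == e0`) are assumptions chosen for illustration.

```python
import struct

ETH_HEADER_LEN = 14  # untagged Ethernet II; VLAN tags are not handled here


def header_start(frame: bytes, proto: str) -> int:
    """Byte offset in the frame at which the named protocol header begins."""
    if proto == "eth":
        return 0
    if proto == "ip":
        (ethertype,) = struct.unpack_from("!H", frame, 12)
        if ethertype != 0x0800:
            raise ValueError("frame does not carry IPv4")
        return ETH_HEADER_LEN
    raise ValueError(f"unsupported protocol: {proto}")


def offset_match(frame: bytes, proto: str, x: int, y: int, value: str) -> bool:
    """Evaluate proto[x:y] == value; value is colon-separated hex bytes."""
    want = bytes.fromhex(value.replace(":", ""))
    try:
        start = header_start(frame, proto) + x
    except (ValueError, struct.error):
        return False  # protocol absent or frame too short: no match
    got = frame[start:start + y]
    # A slice cut short by a truncated capture must not match a shorter value.
    return len(got) == y and got == want


def build_frame(dst_mac: str, dst_ip: str) -> bytes:
    """Constructed sample: Ethernet II + minimal IPv4 header (checksum zeroed)."""
    eth = bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex("020000000001") + b"\x08\x00"
    ip = bytes.fromhex("450000140000000001110000") + bytes([192, 168, 1, 10])
    return eth + ip + bytes(int(octet) for octet in dst_ip.split("."))


MULTICAST = build_frame("01:00:5e:00:00:fb", "224.0.0.251")  # constructed
UNICAST = build_frame("02:00:00:00:00:02", "192.168.1.20")   # constructed

if __name__ == "__main__":
    for name, frame in (("multicast", MULTICAST), ("unicast", UNICAST)):
        # eth[0:3] == 01:00:5e : destination MAC starts with the IPv4 multicast prefix
        print(name, "eth[0:3]", offset_match(frame, "eth", 0, 3, "01:00:5e"))
        # ip[16:1] == e0 : first byte of the IPv4 destination address is 224
        print(name, "ip[16:1]", offset_match(frame, "ip", 16, 1, "e0"))
```

The offset is always counted from the start of the named protocol's header, not from the start of the frame, which is why the IPv4 destination address sits at `ip[16:4]` even though it is 30 bytes into the frame.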

How to do it...

Examples for filters that use substring operators are as follows:

  • Packets to IPv4 multicast addresses ...
