Search Hex sequences inside Wireshark packet list

Pals,
If you are capturing packets on your network and want to find a specific pattern in a huge list of packets, you can use the Wireshark display filter "tcp matches". It can save you a lot of time, because it takes you straight to the packets you are looking for. Below is an example of how to find ".exe\x20" (".exe" followed by a space) in the packet list:

tcp matches "\x2e\x65\x78\x65\x20"

NOTE: You can make use of several RegEx patterns to refine your search as well.

Enjoy!
XyluX
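
As an added example (not part of the original post), the same byte pattern can be searched for outside Wireshark. This Python script walks a classic pcap file and applies the regex to each TCP payload; it approximates the filter rather than reproducing Wireshark's dissection, and the function names and the sample capture are constructed for illustration.

```python
import re
import struct

# Bytes from the filter above; IGNORECASE mirrors Wireshark's case-insensitive matches.
PATTERN = re.compile(rb"\x2e\x65\x78\x65\x20", re.IGNORECASE)

def tcp_payloads(pcap):
    """Yield (frame_number, tcp_payload) for IPv4/TCP frames in a classic pcap."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}[pcap[:4]]
    if struct.unpack_from(endian + "I", pcap, 20)[0] != 1:
        raise ValueError("only Ethernet captures are handled")
    off, frame = 24, 0
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from(endian + "I", pcap, off + 8)[0]
        pkt = pcap[off + 16:off + 16 + incl_len]
        off, frame = off + 16 + incl_len, frame + 1
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00" or pkt[23] != 6:
            continue  # not IPv4 carrying TCP
        ihl = (pkt[14] & 0x0F) * 4
        total_len = struct.unpack_from("!H", pkt, 16)[0]
        tcp = pkt[14 + ihl:14 + total_len]  # drops Ethernet padding
        if len(tcp) >= 20:
            yield frame, tcp[(tcp[12] >> 4) * 4:]

def find_matches(pcap, pattern=PATTERN):
    """Return (frame_number, payload_offset) of the first hit in each frame."""
    return [(n, m.start()) for n, data in tcp_payloads(pcap)
            if (m := pattern.search(data))]

def build_frame(payload):
    """Constructed sample frame: Ethernet/IPv4/TCP, checksums left at zero."""
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6,
                     0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return bytes(12) + b"\x08\x00" + ip + tcp + payload

def build_pcap(frames):
    """Wrap frames in a little-endian classic pcap (link type 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

SAMPLE = build_pcap([build_frame(p) for p in (
    b"GET /index.html HTTP/1.1\r\n\r\n",   # no match
    b"GET /setup.exe HTTP/1.1\r\n\r\n",    # ".exe " at payload offset 10
    b"GET /TOOL.EXE HTTP/1.1\r\n\r\n",     # matches only case-insensitively
)])
print(find_matches(SAMPLE))
```

Because each payload is searched on its own, a sequence split across two TCP segments is not found by this script.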

Dec 24th, 2009 | Posted in Tutorials