  1. #1

    Wireshark: Searching for Payload Keywords


    I've been working on this for a couple of days now, read up on everything I could find via the Wireshark wiki and googling for answers, to no avail.

    I'm looking to make a filter that can handle multiple keywords, and if a keyword is found in the data of a packet (like in the HTML that's being sent over), it will display it.

    Here's what I've got so far, didn't work as expected:

    frame.protocols contains "http" and http contains "keyword1"

    What happens to this is that GET requests come up (when "keyword1" is present inside), which means that it does work, sort of, but it's like the actual HTML (which is what I'm really interested in) is being ignored.

    I've also tried it like "http contains "keyword1"", but the same thing happens.

    If anyone could shed some light on this problem it'd be appreciated.


  2. #2
    Lazydog
    Have you tried to use Follow TCP Stream after you have seen the first packet? Because you are filtering, only the filtered packets are shown. You should still be capturing everything, and by right-clicking on the packet and then selecting the above you should be able to see everything for that session.


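Added example, not written by either poster: a small Python sketch of the difference between matching each packet on its own and searching the whole session, which is what the followed stream shows. The segments, host name and function names are constructed for illustration, and splitting a keyword across two segments is an assumption, not a diagnosis of the original capture.

```python
def build_sample():
    """Constructed session: (direction, tcp_seq, payload) tuples.
    "c" = client to server, "s" = server to client. Not a real capture."""
    req = b"GET /search?q=keyword1 HTTP/1.1\r\nHost: example.test\r\n\r\n"
    part1 = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html><p>key"
    part2 = b"word1 and keyword2</p></html>"
    return [
        ("c", 1, req),
        ("s", 1 + len(part1), part2),   # arrives before part1 (out of order)
        ("s", 1, part1),
        ("s", 1 + len(part1), part2),   # retransmission of part2
    ]


def per_packet_hits(segments, keywords):
    """Match each segment's payload on its own, the way a per-packet
    filter sees the traffic."""
    return [(i, kw) for i, (_, _, data) in enumerate(segments)
            for kw in keywords if kw in data]


def reassemble(segments, direction):
    """Rebuild one direction's byte stream: order by sequence number and
    drop exact retransmissions. Assumes no partial overlaps or gaps."""
    unique = {seq: data for d, seq, data in segments if d == direction}
    return b"".join(unique[seq] for seq in sorted(unique))


def stream_hits(segments, keywords):
    """Search the reassembled session, per direction, for every keyword."""
    hits = set()
    for direction in ("c", "s"):
        stream = reassemble(segments, direction)
        hits.update((direction, kw) for kw in keywords if kw in stream)
    return hits


if __name__ == "__main__":
    segs = build_sample()
    kws = [b"keyword1", b"keyword2"]
    print("per packet:", per_packet_hits(segs, kws))
    print("per stream:", sorted(stream_hits(segs, kws)))
```

Per packet, "keyword1" only matches the GET request; in the reassembled server stream it also matches inside the HTML.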
