Wireshark: IP Octet Capture Filter

In this video, you will learn how to configure a filter to capture packets that have a specific last octet. The technique can be used to capture packets with specific application signatures, viruses, worms, and more.

Tony Fortunato

January 8, 2019


One of the most powerful features of any protocol analyzer is the ability to capture or filter down to the byte or bit. This procedure goes by many names, but they all include the words ‘Pattern Offset’ or ‘Data Offset.’

The word offset may seem a bit overwhelming, but the concept is very straightforward. First, you identify what you want to filter on, which is referred to as the ‘data’ or ‘pattern.’ Second, you determine where the data or pattern is in the packet, which is referred to as the ‘offset.’


The offset can get a bit confusing since you need to pay attention to where your offset starts counting from. The starting point depends on which filter you decide to use. For example, you could start your offset from the Ethernet frame, IP, TCP, or UDP header.

In the video below, I walk you through how to configure a capture filter that will capture packets that have 180 as the last octet.

This same technique may be used to capture packets with specific application signatures, viruses, worms, and more.  Try it out, and you will soon see that this isn't as complicated as you might think.
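The following Python sketch is an added example, not taken from the article or the video. It shows how the same byte is addressed from different starting points: in a standard IPv4 header the source address occupies bytes 12 to 15 and the destination bytes 16 to 19, so a capture filter such as `ip[19] = 180` tests the destination's last octet, and on an untagged Ethernet II frame `ether[33] = 180` reads the same byte. The sample frame, the addresses, and the helper names (`build_frame`, `base_offset`, `match`) are constructed for illustration.

```python
import struct

ETH_LEN = 14  # untagged Ethernet II header; a VLAN tag would shift this by 4

def build_frame(src_ip, dst_ip, payload=b"hello"):
    """Constructed sample frame: Ethernet II + IPv4 (no options) + UDP."""
    eth = bytes(12) + b"\x08\x00"                      # zeroed MACs, EtherType IPv4
    udp = struct.pack("!HHHH", 40000, 53, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(map(int, src_ip.split("."))),
                     bytes(map(int, dst_ip.split("."))))
    return eth + ip + udp

def base_offset(frame, base):
    """Absolute index in the frame where the named header begins, or None."""
    if base == "ether":
        return 0
    if frame[12:14] != b"\x08\x00":                    # not IPv4: ip/udp bases do not apply
        return None
    if base == "ip":
        return ETH_LEN
    if base == "udp":
        if frame[ETH_LEN + 9] != 17:                   # IP protocol field is not UDP
            return None
        return ETH_LEN + (frame[ETH_LEN] & 0x0F) * 4   # IHL: header grows with options
    raise ValueError(f"unknown base {base!r}")

def match(frame, base, offset, pattern):
    """Pattern/offset test: match(f, "ip", 19, bytes([180])) mirrors 'ip[19] = 180'."""
    start = base_offset(frame, base)
    if start is None:
        return False
    start += offset
    return frame[start:start + len(pattern)] == pattern

if __name__ == "__main__":
    last = bytes([180])
    frames = {
        "dst ends in 180": build_frame("10.0.0.5", "192.168.1.180"),
        "src ends in 180": build_frame("192.168.1.180", "10.0.0.5"),
        "neither":         build_frame("10.0.0.5", "10.0.0.6"),
    }
    for name, f in frames.items():
        print(f"{name:16}",
              "ip[15]=180:", match(f, "ip", 15, last),
              "ip[19]=180:", match(f, "ip", 19, last),
              "ether[33]=180:", match(f, "ether", 33, last))
```

A filter anchored at `ether` has no protocol check, so it also matches non-IP frames that happen to carry 180 at byte 33; anchoring at `ip` restricts the test to IPv4 packets.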

 

 

About the Author

Tony Fortunato

Sr Network Performance Specialist

Tony Fortunato is a network performance expert who has been designing, implementing and troubleshooting networks since 1989. His company, The Technology Firm, provides clients of all sizes with services ranging from project management, network design, consulting, troubleshooting, designing custom training courses, and assisting with equipment installation. Tony's experience in networking started with financial trading floor networks and ISPs, where he learned to integrate and support equipment from various vendors. Tony has taught and presented at numerous colleges and universities, public forums and private classes. He blogs frequently at NetworkDataPedia and has a popular YouTube channel.
