Wireshark: IP Octet Capture Filter
One of the most powerful features of any protocol analyzer is the ability to capture or filter down to the byte or bit. This procedure goes by many names but all reference the words ‘Pattern Offset’ or ‘Data Offset.’
The word offset may seem a bit overwhelming, but the concept is very straightforward. You identify what you want to filter on which is referred to as the ‘data’ or ‘pattern.’ The second part is to determine where the data or pattern is in the packet, which is referred to the ‘offset.’
The offset can get a bit confusing since you need to pay attention to where you are starting your offset. This is based on which filter you decide to use. For example, you could start your offset from the Ethernet frame, IP, TCP, or UDP header.
In the video below, I walk you through how to configure a capture filter that will capture packets that have 180 as the last octet.
This same technique may be used to capture packets with specific application signatures, viruses, worms, and more. Try it out, and you will soon see that this isn't as complicated as you might think.
Recommended For You
Most successful IBN deployments focus on the network verification process. Not only is it safe, it also can easily integrate into existing networks and workflows.
Continuous monitoring and baselining of net performance monitoring metrics can reveal problems before users do and prevent complaints on performance degradation.
It's time to move past some common misconceptions and fears about SD-WAN. Here are three common myths you can ignore.
As the routing protocol that runs the Internet, BGP is a key piece of the puzzle that helps you understand how your customers get to you.
From a network planning and design perspective, manually created diagrams drawn by a human architect will continue to be the go-to method for years to come.