Wireshark: IP Octet Capture Filter
One of the most powerful features of any protocol analyzer is the ability to capture or filter down to the byte or bit. This procedure goes by many names, but all of them use the words ‘Pattern Offset’ or ‘Data Offset.’
The word offset may seem a bit overwhelming, but the concept is very straightforward. First, you identify what you want to filter on, which is referred to as the ‘data’ or ‘pattern.’ Second, you determine where the data or pattern is in the packet, which is referred to as the ‘offset.’
The offset can get a bit confusing since you need to pay attention to where you are starting your offset. This is based on which filter you decide to use. For example, you could start your offset from the Ethernet frame, IP, TCP, or UDP header.
In the video below, I walk you through how to configure a capture filter that will capture packets that have 180 as the last octet of the IP address.
This same technique may be used to capture packets with specific application signatures, viruses, worms, and more. Try it out, and you will soon see that this isn't as complicated as you might think.
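The following is an added example, not taken from the article or its video. It evaluates pattern-offset matches over a constructed frame to show how the same byte gets a different offset depending on the starting header. It assumes untagged Ethernet II and IPv4, and that the octet of interest is the last byte of the destination address (`ip[19]` in capture-filter syntax, with the source address ending at `ip[15]`); the helper names are hypothetical.

```python
import struct

ETH_LEN = 14  # assumption: untagged Ethernet II header (no 802.1Q tag)

def build_frame(src_ip, dst_ip, dport, ethertype=0x0800):
    """Constructed sample frame: Ethernet II + IPv4 (no options) + TCP."""
    eth = bytes(12) + struct.pack("!H", ethertype)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))),
                     bytes(map(int, dst_ip.split("."))))
    tcp = struct.pack("!HHIIBBHHH", 50000, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
    return eth + ip + tcp

def header_start(frame, proto):
    """Index in the frame where offset 0 of the chosen header sits."""
    if proto == "ether":
        return 0
    if struct.unpack_from("!H", frame, 12)[0] != 0x0800:
        raise ValueError("not IPv4")
    if proto == "ip":
        return ETH_LEN
    if proto == "tcp" and frame[ETH_LEN + 9] == 6:
        return ETH_LEN + (frame[ETH_LEN] & 0x0F) * 4  # IHL is in 32-bit words
    raise ValueError("unsupported or absent header: " + proto)

def field(frame, proto, offset, size=1):
    """Value of proto[offset:size], read big-endian as in capture-filter syntax."""
    start = header_start(frame, proto) + offset
    if start + size > len(frame):
        raise IndexError("offset past end of frame")
    return int.from_bytes(frame[start:start + size], "big")

def matches(frame, proto, offset, value, size=1):
    """True when the bytes at the offset equal the pattern; False if absent."""
    try:
        return field(frame, proto, offset, size) == value
    except (ValueError, IndexError, struct.error):
        return False

FRAME = build_frame("192.168.1.25", "10.0.0.180", 443)  # constructed sample
ARP_LIKE = build_frame("192.168.1.25", "10.0.0.180", 443, ethertype=0x0806)

if __name__ == "__main__":
    for proto, off in (("ip", 19), ("ether", 33), ("ip", 15), ("ether", 19)):
        print(f"{proto}[{off}] = 180 ->", matches(FRAME, proto, off, 180))
```

Reusing the IP-relative offset with the Ethernet starting point (`ether[19]`) reads a different byte and misses the packet, which is the offset confusion described above.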