The reason why I want to use udp.length is that it seems that contains is not limited only to the data segment but also covers the whole frame so leaving it as the only (beside the IP address and port) criterion returns unwanted results. All the other datagrams are hidden by my filter even though (at least from my perspective) these should be visible. I tried using each of these numbers in the expression above (just to make sure) but all I get is a single datagram with the Time *REF*. From what I understand the first is what is returned by frame.len and represents the size of the whole frame while the second is limited only to the size of the data. The Length column gives me 60, while the Info columns tells be that Len=4.
So far I have come up with: ip.addr=192.168.10.1 and udp.port=47555 and (udp contains "k") and udp.length=4īut it doesn't seem to work.
I want to create a display fitler that shows only UDP datagrams that contain the letter k, have a length 4 and come from a specific IP and port. I have Wireshark 2.2.6 on a Xubuntu 16.04 LTS (VirtualBox installation).
0 kommentar(er)
