Ethereal-users: [Ethereal-users] [Win32] Capture filter to capture only packets with certain con
Hello ethereal-users,
Im completely new with ethereal and cant find the right
information to set a capture filter on certain byte(s).
I want to capture nicknames from an UDP packet which has
a maximum size of 84 bytes and with only a few bytes that
are unique. (i still get some bogus packages but thats no big deal)
These are 2 example packets
0000 00 90 27 A7 69 5D 00 08 E2 C6 38 00 08 00 45 20 ..'.i]....8...E
0010 00 35 C8 95 00 00 75 11 A7 CB D9 52 29 76 D9 78 .5....u....R)v.x
0020 F8 F5 0C C3 6C F0 00 21 2E 58 8B 0F 00 4D 4A 31 ....l..!.X...MJ1
0030 32 20 7C 7C 20 4D 61 73 74 65 72 00 00 00 96 18 2 || Master.....
0040 00 00 00 ...
0000 00 90 27 A7 69 5D 00 08 E2 C6 38 00 08 00 45 00 ..'.i]....8...E
0010 00 45 AC C2 00 00 6F 11 1A 0B 51 E3 60 89 D9 78 .E....o...Q.`..x
0020 F8 F5 38 42 6C F0 00 31 6E FE 8B 1F 00 49 68 61 ..8Bl..1n....Iha
0030 76 65 61 6C 6F 6E 67 6E 61 6D 65 73 69 6E 63 65 vealongnamesince
0040 73 70 6F 6F 6B 73 74 61 68 74 6F 00 00 00 96 29 spookstahto....)
0050 00 00 00 ...
The only byte(s) which returns in all packets is 8B and 00 00 00 90,
but 8B returns in a lot of other packets so not really usefull, also
the last 00 00 00 always returns but the byte before it changes with
every packet.
This is the capture filter which i have set atm:
udp port 27888 and dst host 217.120.248.245 and len <= 84
What do i need to set more to get only packets which contain 00 00 00
90, or if anyone has a better idea please hook me up with it.
--
Best regards,
GJ de Boer mailto:admin@xxxxxxxxxxxxxxxxxxx