Finding packets, The "Find Packet" dialog box – Lucent Technologies Ethereal User Manual

6.6. Finding packets

You can easily find packets once you have captured some packets or have read in a previously saved
capture file. Simply select the Find Packet... menu item from the Edit menu. Ethereal will pop up
the dialog box shown in Figure 6.9, “The "Find Packet" dialog box”.

6.6.1. The "Find Packet" dialog box

Figure 6.9. The "Find Packet" dialog box

You might first select the kind of thing to search for:

Display filter

Simply enter a display filter string into the Filter: field, select a direction, and click on OK.

For example, to find the three way handshake for a connection from host 192.168.0.1, use the
following filter string:

ip.addr==192.168.0.1 and tcp.flags.syn

For more details on display filters, see Section 6.2, “Filtering packets while viewing”.

Hex Value

Search for a specific byte sequence in the packet data.

For example, use "00:00" to find the next packet including two null bytes in the packet data.

String

Find a string in the packet data, with various options.

The value to be found will be syntax checked while you type it in. If the syntax check of your value
succeeds, the background of the entry field will turn green; if it fails, it will turn red.
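
The three search kinds can also be reproduced outside the dialog box when triaging a capture in a script. The following Python code is an added example, not part of the Ethereal manual or of Ethereal itself: it applies the equivalent of the display filter, hex value and string searches to a small constructed capture. The helper names, the sample frames and the `start`/`direction` parameters are assumptions made for illustration.

```python
import socket
import struct

def build_frame(src, dst, sport, dport, flags, payload=b""):
    """Constructed Ethernet/IPv4/TCP frame; checksums are left at zero."""
    eth = bytes.fromhex("020000000002" "020000000001" "0800")
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + tcp + payload

CAPTURE = [  # constructed sample frames, not taken from a real capture
    build_frame("192.168.0.1", "10.0.0.5", 40000, 80, 0x02),   # SYN
    build_frame("10.0.0.5", "192.168.0.1", 80, 40000, 0x12),   # SYN/ACK
    build_frame("192.168.0.1", "10.0.0.5", 40000, 80, 0x10),   # ACK
    build_frame("192.168.0.1", "10.0.0.5", 40000, 80, 0x18, b"GET / HTTP/1.0\r\n\r\n"),
    build_frame("10.0.0.9", "10.0.0.5", 40001, 80, 0x02),      # SYN, other host
]

def syn_filter(host):
    """Predicate equivalent to: ip.addr==<host> and tcp.flags.syn"""
    def match(frame):
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            return False                                   # not IPv4/TCP
        tcp_off = 14 + (frame[14] & 0x0F) * 4              # honour IP header length
        flags = frame[tcp_off + 13:tcp_off + 14]           # empty if truncated
        addrs = {socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])}
        return host in addrs and bool(flags) and bool(flags[0] & 0x02)
    return match

def hex_value(text):
    """Predicate for a colon-separated hex value such as "00:00"."""
    needle = bytes(int(part, 16) for part in text.split(":"))
    return lambda frame: needle in frame

def string_value(text):
    """Predicate for a case-sensitive ASCII string in the raw packet data."""
    return lambda frame: text.encode("ascii") in frame

def find_packet(frames, predicate, start=-1, direction=1):
    """Index of the next match after `start` (direction 1 = down, -1 = up), or None."""
    i = start + direction
    while 0 <= i < len(frames):
        if predicate(frames[i]):
            return i
        i += direction
    return None

def all_matches(frames, predicate):
    return [i for i, frame in enumerate(frames) if predicate(frame)]
```

On the constructed capture, the display filter predicate matches the SYN and SYN/ACK frames but not the final ACK, which does not have the SYN flag set. The "00:00" hex search stops at the very first frame, because zero-valued header fields already contain two consecutive null bytes.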

Working with captured packets
