Reputation: 791
How to filter TCP option with wireshark?
I'm trying to filter the packets by TCP options in wireshark. For example, I want to get all packets with the option Maximum Segment Size (with kind number 2). However, I find if I use the filter as tcp.option_kind == 2, I'll only get the packets with the first option as kind 2. However, packets may have multiple options, which means I couldn't get the packets with its second option as kind 2. Any idea to improve this filter?
Thanks!
Upvotes: 0
Views: 3046
Answers (1)
Reputation:
However, I find if I use the filter as
tcp.option_kind == 2, I'll only get the packets with the first option as kind 2.
If that's truly happening, it's a bug. tcp.option_kind == 2 is supposed to match packets in which any of the instances of tcp.option_kind are equal to 2, so it should find packets that contain that option even if it's not the first option.
You should file a bug on the Wireshark Bugzilla for this, and attach a capture that can be used to reproduce the problem.
Upvotes: 1
Related Questions
- Multiple protocol filtering on Wireshark
- How to use filters in the wireshark?
- Advanced filtering in wireshark
- How to filter package content in wireshark?
- How to use "Follow TCP stream" for specific packets in Wireshark?
- How to filter wireshark to display only packets between a server and a client?
- How to capture only incoming TCP streams in WireShark?
- Command line filter with protocol ICMP
- How can I make Wireshark filter by port when reading from standard in?
- How to capture only TCP traffic with tshark