I've capture a pcap file and display it on wireshark. I want to analysis those udp packets with 'Length' column equals to 443.
On wireshark, I try to found what's the proper filter.
udp && length 443 # invalid usage
udp && eth.len == 443 # wrong result
udp && ip.len == 443 # wrong result
By the way, could the wireshark's filter directly apply on libpcap's filter?
All these workable on wireshark's filter
frame.len==243 <- I use this
ip.len=229
udp.length==209
data.len=201
来源:https://stackoverflow.com/questions/10022710/set-a-filter-of-packet-length-in-wireshark