I'm trying to use WireShark to find UDP packets with a specific substring. I tried using a filter "udp and data.text contains SUBSTRING", but that returns nothing, even if SUBSTRING shows in the packet dump on the bottom window. Thanks in advance.
You should be able to use the expression udp contains <hex> where <hex> is a hex string like e1b0adde.
Related
i did a snmpwalk code in java , to retrieve data associated with cdp cache. except cdpCacheAddress, every thing is showing as expected. cdpCacheAddress is expected as IP but shows as c0:a8:0a:xX . the oid i requested is begins with .1.3.6.1.4.1.9.9.23.1.2.1.1.4. how can i find the ip address of the neighbor with this data. is there any other way to find the neighbor's IP address with cdp .
please help.
That is an IP address.
It's four octets, each shown in hex, delimited by colons. It could also be rendered as "192.168.10.xX".
The syntax is defined to be a CiscoNetworkAddress (whose definition includes the DISPLAY-HINT that results in the default rendering you see), so you should interpret it as such.
You can transform & display it however you like!
How to do that depends entirely on your language/environment.
I have a simple struct containing some stuff, and also a Text field. I was looking at the result of encoding this data using Capnp, and for some reason the value of the text field appears in the encoded output twice! That doesn't seem very efficient or sane. Why does this happen?
Cap'n Proto does not encode text fields twice. To understand what happened in your case, we'd need to see your code.
I need a printable character which is not available in the mobile SMS messages. The reason is that I have a file which has a bunch of data, and one of those data fields is SMS-text. It is dummy data ofcourse.
I need to extract this field. The tool I am using for it asks for a field-separator, on the basis of which it separates fields into a CSV file. And it uses a comma character as the default field separator.
Now the problem is that whenever a comma character occurs in SMS text, it separates the rest of the SMS text and makes it a separate field.
So my question is that how do I find a single character which I can use as a field separater in this case?
I think you can encode the text using Base64 before sending SMS, and then decode after receiving. Please see: https://en.wikipedia.org/wiki/Base64.
You may want to have a look at the GSM charset spec. Be aware about the 7bits / 8bits encoding and the encoding of the different (human) languages.
I am trying to customize Wireshark capture such that is captures all IP addresses (both source and destination) with the IP address format xxx.xxx.xxx.100.
I used the following Capture Filter
ip matches /.*/.*/.*/.100
but the text box remains red'
These are not IP addresses in a particular range, just the fourth octet is 100
Your regex is a little off, as you need to use a backslash to escape the periods. Try this:
ip.host matches "\.100$"
That should match .100 at the end of the string.
Source: http://ask.wireshark.org/questions/22230/filter-for-partial-ip-address
Edit: Try using the Display Filter (Analyze->Display Filters..), not the Capture Filter
I have 2 applications (client and server) using a request-reply pattern.
The client sends a request to the server the message ID is set to something like this: ID=Hostname-52991-1357677886768-3:1:2:1:1.
Now the client has to listen to a message with a correlation ID set to the same value. Since the value contains special characters (:) I have to encode the value (using UTF-8).
Sets the JMS Selector, which is an SQL 92 predicate that is used to filter messages within the broker. You may have to encode special characters such as = as %3D
So the selector should look like JMSCorrelationID='ID=Hostname-52991-1357677886768-3:1:2:1:1' and the encoded selector should look like JMSCorrelationID='ID%3AHostname-52991-1357677886768-3%3A1%3A2%3A1%3A1' I guess.
I have struggled for a couple of hours now and searched and read everything I could find but I cannot get this thing to work and it's driving me nuts.
Using only ASCII characters like abcd works.
Your JMS selector selector is being HTML encoded which will not work with the underlying system(as it will never match a message). The expression JMSCorrelationID='ID=Hostname-52991-1357677886768-3:1:2:1:1' should work as is.