I'm trying to find a bunch of specific data in a Wireshark capture.
First of all I need to be sure that the data is actually there, which has been confirmed in my previous post.
Now I'd like to go a step further and actually filter the mentioned data.
At this moment I'm capable of creating the following filter:
ip.dst == 10.1.0.160 && tcp.port == 12714 && data.len >=1
As you can see, this filters the Wireshark capture on a certain IP address and corresponding TCP port, containing non-empty data, but I'd like to go further on the "data" filtering part:
My "data" always contains the fixed letters "MFS1". Is there a way I can filter on that?
I know that "MFS1" is 4D 46 53 31 in hexadecimal. Can I filter on data.like('%4D465331%'), or something like that?