THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question

Revision history  [back]

Revision 3
Chuckc's avatar
3k
Chuckc
updated 2023-04-20 01:42:12 +0000

Somewhere in here is the quintessential answer to this but I'm not finding it right now. (something like this)
For filters, is there a facility to include the next packet in the sequence for a selected criteria?

MATE may be a solution but at a certain point you'll have to decide if it's not the right tool.

If you're open to writing code/scripts, Wireshark Lua (WSDG: Lua Support in Wireshark) is very flexible after making the initial time investment to get comfortable with it.

YMMV but there is also a lot that can be done with tshark and shell scripts.
https://www.youtube.com/@WireSharkFest/search?query=tshark

Filter TLS with no Server Hello
The answers include two different Lua solutions for comparing packets.

Revision 2
Chuckc's avatar
3k
Chuckc
updated 2023-04-20 01:38:34 +0000

Somewhere in here is the quintessential answer to this but I'm not finding it right now. (something like this)
For filters, is there a facility to include the next packet in the sequence for a selected criteria?

MATE may be a solution but at a certain point you'll have to decide if it's not the right tool.

If you're open to writing code/scripts, Wireshark Lua (WSDG: Lua Support in Wireshark) is very flexible after making the initial time investment to get comfortable with it.

YMMV but there is also a lot that can be done with tshark and shell scripts.
https://www.youtube.com/@WireSharkFest/search?query=tshark

Filter TLS with no Server Hello
The answers include two different Lua solutions for comparing packets.
Revision 1
Chuckc's avatar
3k
Chuckc
answered 2023-04-20 01:33:39 +0000

Somewhere in here is the quintessential answer to this but I'm not finding it right now. (something like this)
For filters, is there a facility to include the next packet in the sequence for a selected criteria?

MATE may be a solution but at a certain point you'll have to decide if it's not the right tool.

If you're open to writing code/scripts, Wireshark Lua (WSDG: Lua Support in Wireshark) is very flexible after making the initial time investment to get comfortable with it.

YMMV but there is also a lot that can be done with tshark and shell scripts.
https://www.youtube.com/@WireSharkFest/search?query=tshark