Counting number of packets with a given string in packet bytes
I'm searching for a particular string in the packet bytes via Edit -> Find Packet. Is there a way to count the total number of these instances found? Is it possible to do the same search with tshark so I can perform some other analysis on the results?
Comments
I'm pretty sure I can get close enough with display filters in tshark:
tshark -r my.pcap -Y "frame matches \"mystring\""
I'm definitely open to other solutions, though.
What OS are you working on?
Linux (specifically Kubuntu)
Can you treat it like a binary file and use a mix of Linux commands?
The "other analysis" with tshark - were you hoping to do it all in one pass somehow?
That's a pretty clever approach, but something is off. It returns a higher number than the tshark examples. I suspect perhaps the string appears multiple times in a given packet, which would yield a higher count.
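Added example, not part of the original thread: a Python sketch that reads a classic pcap file and reports both the number of packets containing a byte string and the total number of occurrences, the two figures the last comment suspects are being mixed up. The function names and the constructed sample capture are assumptions made for illustration; pcapng files are not handled.

```python
import struct

# Classic pcap magic numbers as they appear on disk, mapped to struct byte order.
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<",  # little-endian, microsecond timestamps
    b"\xa1\xb2\xc3\xd4": ">",  # big-endian, microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<",  # little-endian, nanosecond timestamps
    b"\xa1\xb2\x3c\x4d": ">",  # big-endian, nanosecond timestamps
}

def iter_packets(data):
    """Yield the captured bytes of each record in a classic pcap file."""
    if len(data) < 24 or data[:4] not in PCAP_MAGICS:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    endian = PCAP_MAGICS[data[:4]]
    offset = 24  # size of the global header
    while offset + 16 <= len(data):
        _sec, _frac, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, offset)
        offset += 16  # size of the per-record header
        if offset + incl_len > len(data):
            break  # truncated final record
        yield data[offset:offset + incl_len]
        offset += incl_len

def count_string(data, needle):
    """Return (packets containing needle, total non-overlapping occurrences)."""
    packets = occurrences = 0
    for pkt in iter_packets(data):
        n = pkt.count(needle)
        packets += n > 0      # what a per-frame display filter counts
        occurrences += n      # what a byte-level search over the file counts
    return packets, occurrences

def build_sample_pcap(payloads):
    """Constructed sample: wrap raw payloads in a minimal little-endian pcap."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, p in enumerate(payloads):
        out += struct.pack("<IIII", i, 0, len(p), len(p)) + p
    return out

if __name__ == "__main__":
    sample = build_sample_pcap([b"GET /mystring", b"no match here", b"mystring=1&mystring=2"])
    print(count_string(sample, b"mystring"))
```

On a real capture, pass the file contents, for example `count_string(open("my.pcap", "rb").read(), b"mystring")`. A string split across two packets is not matched, since each record is searched on its own.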