May 12 2009

Viewing TCP/IP payload in Wireshark

Posted by Chirag Patel in Insights at 4:44 PM

When using the network protocol analyzer Wireshark, if you’re specifically looking for the payload, look for the [PSH, ACK] tag in the “Info” column.  Once you click on the row with that tag, you will see the “Data” node in the packet window as shown in the attached window.

Wireshark TCP data

Wireshark TCP data

The other tags ([ACK], [SYN], [FIN,ACK]) shown in the “Info” column are TCP control packets and do not include any data/payload. They are used for handshaking.

Related posts:

  1. Filtering traffic by IP address with Wireshark I use a tool called Wireshark to monitor network activity...
  2. Upgrade Wireshark From Version 1.0.2 to Version 1.0.7 Wireshark, previously Ethereal, is a network protocol analyzer that allows...
Tags: , , , , , ,

This entry was posted on Tuesday, May 12th, 2009 at 4:44 PM and is filed under Insights. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.

« 
 »
2 Responses to “Viewing TCP/IP payload in Wireshark”
  1. pcapr says:
    May 12, 2009 at 5:21 PM

    Have you tried pcapr: http://www.pcapr.net/? You can do all kinds of fun stuff with packets (including making new pcaps just using the browser).

    [Reply]

    Reply
  2. Аркадий says:
    June 23, 2009 at 10:13 AM

    Мне хотелось бы поделиться опытом с кем-нибудь по этому вопросу. Все кто желает, катайте в асю 75995515

    [Reply]

    Reply
  3.  
Leave a Reply

*Type the letter/number combination in the abvoe field before clicking submit.

CAPTCHA Image
*