In the network protocol analyzer Wireshark, if you're specifically looking for the payload, look for the [PSH, ACK] tag in the “Info” column. Once you click on a row with that tag, you will see the “Data” node in the packet window, as shown in the screenshot below.

Wireshark TCP data

The other tags ([ACK], [SYN], [FIN,ACK]) shown in the “Info” column are TCP control packets and do not include any data/payload. They are used for handshaking.
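
The same check can be scripted when a capture is too large to click through. The following is an added example, not part of the original post: it reads a classic pcap file using only Python's standard library and lists the TCP segments that carry payload, labelled with Wireshark-style flag tags. It goes one step past the [PSH, ACK] tag by computing the payload length from the IP and TCP headers, so data segments sent without PSH are listed too; the capture itself is constructed inline, and the function names are this example's own.

```python
import struct

# Flag order matches Wireshark's Info column, e.g. [PSH, ACK]
FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"), (0x10, "ACK")]

def tcp_segments(pcap):
    """Yield (flag_tag, payload) per IPv4/TCP frame of a little-endian Ethernet pcap."""
    magic, linktype = struct.unpack_from("<I16xI", pcap, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("unsupported capture format")
    off = 24                                        # skip the pcap global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from("<I", pcap, off + 8)[0]
        frame = pcap[off + 16 : off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                                # not IPv4 carrying TCP
        ihl = (frame[14] & 0x0F) * 4                # IP header length in bytes
        total_len = struct.unpack_from("!H", frame, 16)[0]
        tcp = 14 + ihl                              # offset of the TCP header
        data_off = (frame[tcp + 12] >> 4) * 4       # TCP header length in bytes
        tag = ", ".join(name for bit, name in FLAGS if frame[tcp + 13] & bit)
        # Slice up to the IP total length so Ethernet padding is not taken for data
        yield tag, frame[tcp + data_off : 14 + total_len]

def payload_segments(pcap):
    """Only the segments that actually carry data."""
    return [(tag, data) for tag, data in tcp_segments(pcap) if data]

def _frame(flags, payload=b""):
    """Constructed Ethernet/IPv4/TCP frame for the demo (checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 0x50, flags, 8192, 0, 0)
    return (bytes(12) + b"\x08\x00" + ip + tcp + payload).ljust(60, b"\x00")

def sample_pcap():
    """Constructed capture: handshake, two data segments, teardown."""
    frames = [_frame(0x02), _frame(0x12), _frame(0x10),
              _frame(0x18, b"GET / HTTP/1.1\r\n\r\n"),
              _frame(0x10, b"data without PSH"), _frame(0x11)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for tag, data in payload_segments(sample_pcap()):
        print(f"[{tag}] Len={len(data)} {data!r}")
```

In Wireshark itself, the equivalent display filter is `tcp.len > 0`.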

2 Responses to “Viewing TCP/IP payload in Wireshark”
  1. pcapr says:

    Have you tried pcapr: http://www.pcapr.net/? You can do all kinds of fun stuff with packets (including making new pcaps just using the browser).

  2. I would like to share my experience on this question with someone. Anyone who wants to, message me on ICQ at 75995515
