July 2001
Put the Strain on Your Protocol Analyzer, not Yourself
Most protocol analyzers have filtering capabilities that act like a
giant dirt sifter, allowing us to separate out unwanted matter so that
we can focus our attention on certain addresses or protocols. But what
about looking for specific content within packets? Pattern matching
comes to mind, allowing one to enter a specific offset and pattern in
hex or ASCII. Some analyzers will assist you in building a filter by
offering pre-defined filters or by letting you enter data highlighted
in a packet. Even better, you can use a feature like "select related"
included with all WildPackets analyzers for one-click filtering.
Unfortunately, there are times when we don't know exactly where in a
packet the pattern will occur, such as when looking for specific data
from a database record or when looking for a word or phrase. Once
packets are captured into a buffer, we can often apply an advanced
search filter. (When using a WildPackets analyzer, simply select Edit,
Select.) This way, one can have the analyzer look for something like
"Today's Forecast" or "Weather" or "weatherforecast.org" without
complex filtering and fixed offsets or examining every packet by hand.
The same technique can be applied to hex patterns as well, when looking
for that database data.
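
The difference between a fixed-offset pattern filter and a search of the captured buffer, as an added example that is not part of the original tip and is not WildPackets code. It assumes a classic little-endian pcap buffer; the function names, the 54-byte header stand-in and the sample packets are constructed for illustration.

```python
import struct

PCAP_HEADER = struct.Struct("<IHHiIII")  # classic little-endian pcap file header
PCAP_RECORD = struct.Struct("<IIII")     # ts_sec, ts_usec, incl_len, orig_len
MAGIC = 0xA1B2C3D4

def build_capture(packets):
    """Pack raw packet bytes into an in-memory pcap buffer (for the sample)."""
    out = PCAP_HEADER.pack(MAGIC, 2, 4, 0, 0, 65535, 1)
    for i, data in enumerate(packets):
        out += PCAP_RECORD.pack(i, 0, len(data), len(data)) + data
    return out

def iter_packets(buf):
    """Yield (packet_number, packet_bytes) for each record in the buffer."""
    if len(buf) < PCAP_HEADER.size or PCAP_HEADER.unpack_from(buf)[0] != MAGIC:
        raise ValueError("not a little-endian classic pcap buffer")
    pos, num = PCAP_HEADER.size, 1
    while pos + PCAP_RECORD.size <= len(buf):
        incl_len = PCAP_RECORD.unpack_from(buf, pos)[2]
        pos += PCAP_RECORD.size
        if pos + incl_len > len(buf):
            break  # truncated final record: stop rather than misparse
        yield num, buf[pos:pos + incl_len]
        pos, num = pos + incl_len, num + 1

def match_at_offset(buf, pattern, offset):
    """Fixed-offset filter: the pattern must start exactly at `offset`."""
    return [n for n, pkt in iter_packets(buf)
            if pkt[offset:offset + len(pattern)] == pattern]

def search_anywhere(buf, pattern, ignore_case=False):
    """Buffer search: (packet_number, offset) for every occurrence."""
    needle = pattern.lower() if ignore_case else pattern
    hits = []
    for n, pkt in iter_packets(buf):
        hay = pkt.lower() if ignore_case else pkt
        pos = hay.find(needle)
        while pos != -1:
            hits.append((n, pos))
            pos = hay.find(needle, pos + 1)
    return hits

HDR = bytes(54)  # constructed stand-in for Ethernet + IPv4 + TCP headers
SAMPLE = build_capture([  # constructed packets, not a real capture
    HDR + b"GET /index.html HTTP/1.0\r\nHost: weatherforecast.org\r\n\r\n",
    HDR + b"<html><title>Today's Forecast</title>",
    HDR + bytes.fromhex("00000000deadbeef0001"),
    HDR + b"padding.. WEATHER alert",
])
```

The fixed-offset filter finds "GET " only because it sits right after the headers; the buffer search finds "weather", "Today's Forecast" and the hex pattern wherever they fall and reports the packet number and offset of each hit.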
So learn the advanced features of your analyzer to quickly search
through megabytes of data and cut your analysis time exponentially!