-
Notifications
You must be signed in to change notification settings - Fork 493
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ettercap filter condition by length of data going. eq to tcp.len in wireshark. #1224
Comments
maybe can you try tcp.len == 123? |
It says this filter is not recognized
On Mon, 22 May 2023 at 12:35 PM, Gianfranco Costamagna < ***@***.***> wrote:
maybe can you try tcp.len == 123?
—
Reply to this email directly, view it on GitHub
<#1224 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AMBTF37BNEPNPYE4CTSWRSTXHMF2ZANCNFSM6AAAAAAYGECWEI>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
--
*Regards,*
*Jinay Patel (CyberSecurity Analyst)*
|
"A TCP segment consists of a segment header and a data section. The segment header contains 10 mandatory fields, and an optional extension field (Options, pink background in table). The data section follows the header and is the payload data carried for the application. The length of the data section is not specified in the segment header; it can be calculated by subtracting the combined length of the segment header and IP header from the total IP datagram length specified in the IP header." |
maybe you can use ip.len and then do some calculation?
|
Hi Team,
I want to know how i can create another condition in below filter for only do operation if tcp data length is "123"
if (ip.proto == TCP && tcp.dst == 9338) {
if (search(DATA.data, "value") ) {
replace("48.574710","49.574710");
replace("HH","FFO");
replace("jinay1","attacked");
replace("Pending","Approved");
msg("Modified!\n");
}
}
The text was updated successfully, but these errors were encountered: