Trying to filter packets with Wireshark. Why it finds nothing when placing filter tcp contains M-SEARCH. I have such value on the third line.
Asked
Active
Viewed 377 times
1 Answers
0
SSDP uses UDP as the underlying transport protocol. You are filtering on TCP.
https://en.wikipedia.org/wiki/Simple_Service_Discovery_Protocol#Protocol_transport_and_addressing
Try matching UDP text instead.
JayMcTee
- 3,923
- 1
- 13
- 22
-
I tried `UDP contains M-SEARCH`, but got the same result - `No packet contained that string in its Info column` – vico Jul 31 '17 at 11:24
-
Might be the case that the text you see in the Info column, is not actually a field, so you can't filter on it. It's a summary of the the data form the other fields. If you view the details of the packet, you will see in which field M-SEARCH really is shown. – JayMcTee Jul 31 '17 at 11:29