I've capture a pcap file and display it on wireshark. I want to analysis those udp packets with 'Length' column equals to 443.
On wireshark, I try to found what's the proper filter.
udp && length 443 # invalid usage
udp && eth.len == 443 # wrong result
udp && ip.len == 443 # wrong result
By the way, could the wireshark's filter directly apply on libpcap's filter?
All these work on Wireshark's filter
frame.len==243 <- I use this
ip.len==229
udp.length==209
data.len==201