Observer Analyzer : Observer Analyzer : Decodes : Working with packets : Searching for a specific packet
Searching for a specific packet
1. On the Home tab, in the Capture group, click Configuration > Packet Capture.
2. Click the Decode button. The Decode and Analysis window appears.
3. Click the Decode tab, then choose Tools > Find Packet. The Find Packet window appears.
4. Using the information in Table 18 choose how you want to search the capture buffer.
 
 
 
Table 18. Searching a packet capture
Raw Packet Data
Searches the entire raw (i.e., not decoded) packet for the given string.
Decoded Data
Searches only the decoded packet for the given string.
ASCII
Interprets the buffer as ASCII-encoded text and searches for the given sequence. A maximum of 16 characters are allowed in the string. ASCII searches are case-sensitive.
EBCDIC
Interprets the buffer as EBCDIC-encoded text and searches for the given sequence. A maximum of 16 characters are allowed in the string. EBCDIC searches are case-sensitive.
Hexadecimal
Interprets the buffer as hexadecimal code and searches for the given sequence of codes (separated by spaces; e.g., C0 FF CC). The maximum value for a code is FF.
Decimal
Interprets the buffer as decimal code and searches for the given sequence of codes (separated by spaces; e.g., 102 90 87). The maximum value for a code is 255.
Find Sequence
Allows you to enter the exact string of characters or codes to search for.
Find All Conversations Containing Search Sequence
Find up to 1024 different IP/port pairs. A list of found pair is displayed. From the list you may choose up to 75 pairs to post filter.