Figuring Out Where To Slice a Packet Using Wireshark
There are many scenarios where packet slicing is helpful and possibly necessary. I covered this in a previous article, Network Protocol Analysis Tip: Packet Slicing (http://tinyurl.com/yb38lw9j).
To summarize, here are some examples or scenarios where you should consider packet slicing:
The data is not useful, or is unreadable/encrypted
To conserve disk space or reduce your trace file size
Legal issues around the payload of captured packets
Reduce load on your capture device. Some packet capture tools are less likely to drop packets when packets are sliced.
David K, one of my YouTube subscribers, asked a great question, “… How could one do that? …”. I thought what a great question since there are times when I assume the reader knows how to do this.
In this video I cover how to figure out the packet slicing value for an HTTP GET command and the destination MAC address. From these two examples, the reader should be able to calculate any other packet slice value.
Please keep in mind that you should always go through this process to determine the packet slice value or offset. This offset may change depending on the network or application so don’t assume the packet slice value will remain the same.
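An added example (not from the original article or video) that works out the slice value for an HTTP GET from the header lengths in a frame, and shows the value shifting when a VLAN tag and TCP options are present. The frames are constructed samples, `slice_value` and `build_frame` are hypothetical helper names, and the code assumes Ethernet/IPv4/TCP.

```python
import struct

VLAN_TPID, IPV4, TCP = 0x8100, 0x0800, 6
DST_MAC_SLICE = 6   # the destination MAC is the first 6 bytes of an Ethernet frame
TS_OPT = b"\x01\x01\x08\x0a" + bytes(8)   # NOP, NOP, timestamp option (12 bytes)

def slice_value(frame, payload_bytes=0):
    """Bytes to keep so that every Ethernet/IPv4/TCP header survives,
    plus payload_bytes of application data (3 keeps just 'GET')."""
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    offset = 14                               # dst MAC + src MAC + EtherType
    while ethertype == VLAN_TPID:             # each 802.1Q tag adds 4 bytes
        (ethertype,) = struct.unpack_from("!H", frame, offset + 2)
        offset += 4
    if ethertype != IPV4:
        raise ValueError("not IPv4; work this offset out by hand")
    ihl = (frame[offset] & 0x0F) * 4          # IPv4 header length in bytes
    if ihl < 20 or frame[offset + 9] != TCP:
        raise ValueError("not a valid IPv4/TCP packet")
    tcp_start = offset + ihl
    tcp_len = (frame[tcp_start + 12] >> 4) * 4   # TCP data offset in bytes
    if tcp_len < 20:
        raise ValueError("bad TCP data offset")
    return tcp_start + tcp_len + payload_bytes

def build_frame(vlan=False, tcp_options=b""):
    """Constructed sample frame carrying an HTTP GET (not captured traffic)."""
    payload = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
    eth = bytes.fromhex("001122334455" "66778899aabb")   # dst MAC, src MAC
    eth += (b"\x81\x00\x00\x0a" if vlan else b"") + b"\x08\x00"
    tcp_len = 20 + len(tcp_options)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + tcp_len + len(payload),
                     0, 0, 64, TCP, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 0, 0, (tcp_len // 4) << 4,
                      0x18, 65535, 0, 0) + tcp_options
    return eth + ip + tcp + payload

if __name__ == "__main__":
    samples = {"plain": build_frame(),
               "VLAN + TCP timestamps": build_frame(True, TS_OPT)}
    for label, frame in samples.items():
        n = slice_value(frame, 3)
        print(f"{label}: slice at {n} bytes, last kept bytes {frame[n - 3:n]!r}")
```

The two sample frames carry the same GET yet need different slice values, which is the reason to re-derive the offset for each network and application.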