thankx for your response… one question again… does such offset has any significance ??? and why does wireshark shows such offset??
Another query of mine
constructing any packets as such from “traffic generator” like “Smartbits 6000B”, does simply copying and paste the value of “Hex” on left hand side of my example able to fulfill any condition:
Condition might be: Detection of some protocols from filter like L7 (in linux) applying some regular expression rules.
Regular Expression rule: ^220\x09-\x0d -~]*ftp
This packets are verified when i run L7 filter too (as it displays a message that its of “ftp” packets).
So, is there any difference b/w the real traffic and the captured Wireshark traffic, so that if i generate such traffic (captured from wireshark) by looking at the hex values and copy and paste to any traffic generator to create traffic as such, so that it will be detected as “ftp” packets???
The files are attached for both Spirent 6000B smartbits and Wireshark capture for that ftp traffic…