Advanced Search Functionality of ChatTCP

To simplify the analysis process, ChatTCP parses all connections in pcap (or pcapng) files, reassembling round-trip packets by connection to display them as chat records. Therefore, ChatTCP defaults to supporting filtering by connection and fuzzy search.

However, in practical use, pcap files can be very large, yielding numerous connections or a high number of round-trip packets within a single connection. In such cases, finding packets whose Payload contains a specific string by searching through each connection individually can be extremely difficult.

To address this issue, ChatTCP provides an advanced search function that supports global searching of packets based on conditions such as TCP flags and Payload. Similarly, there is no need to remember how to write filter expressions like in Wireshark.