So if I understand correctly, the OpCode is the first hexa component of the Payload.
Is there any way to filter the packet if OpCode is already known? As i'm currently manually reviewing all TCP payloads to find this.
I found the following when searching for a solution:
rpcap.opcode == 41
But got no results when applying this filter - maybe because of invalid syntax or it being the wrong filter for this.
Turns out in this case, the packets were encoded. Using WireShark to decode the packets revealed the OpCode's as expected.