Ethereal-users: [Ethereal-users] simple frame data evaluation?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: "Jon Baer" <jonbaer@xxxxxxxxxxx>
Date: Tue, 6 May 2003 06:59:21 -0700
what is the display filter expression to test for a true statement no matter
what protocol is present?  how to do a simply query on a frame's data?

i just noticed what i wanted to do was in the wishlist but i think it's
already present, # 34:

34. Add a display filter "match string" operator, which is similar to the
"==" operator, but operates only on strings and byte arrays, and matches if
the string in question appears anywhere in the item being tested. This would
allow users to search for packets that contain a string anywhere in the
packet (frame[0:] =~ "hi, there"), and anywhere in or after any particular
protocol's header. A regular-expression match might also be useful.

non existant @ the moment or am i missing something?  and wouldn't this
kinda be like putting snort-like features directly into ethereal?

thanks.

- jon