Wireshark-users: Re: [Wireshark-users] Display Filter for text string in TCP payload
My bad!
Both 'tcp contains "text"' and 'frame contains "text"' *do* work.
My mistake was that it didn't dawn on me that the filters are CASE
SENSITIVE (which makes sense now that I think about it). When I had
successfully used Edit/Find, the Case Sensitive checkbox was off, so it
succeeded where the filter had not.
Thx for the 'enlightenment'.
Michael
Michael Feeny
Global Wealth Management Technology
Network and Security Integration
Office: 609-274-2761
Mobile: 484-995-1745
AOL IM: feenyman99
Pager: 888-merril0
-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Sake Blok
Sent: Tuesday, April 08, 2008 5:03 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Display Filter for text string in TCP
payload
On Tue, Apr 08, 2008 at 10:39:44PM +0200, Luis EG Ontanon wrote:
> On Tue, Apr 8, 2008 at 10:28 PM, Feeny, Michael (GWM-CAI)
> <michael_feeny@xxxxxx> wrote:
> >
> > I would like to filter on all TCP packets that have a particular
text string
> > in the payload of the packet. I tried doing this by saying???
> >
> > tcp.segment contains "sometext"
> >
> > Or simply???
> >
> > tcp contains "sometext"
> >
> > ??? but neither approach worked.
>
> what about
> frame contains "abcde"
> does that do?
Hmmm... 'tcp contains "PASS"' does display the packets with
the FTP pass command in my trace. I'm wondering why it does
not work for you?
Cheers,
Sake
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users
--------------------------------------------------------
This message w/attachments (message) may be privileged, confidential or proprietary, and if you are not an intended recipient, please notify the sender, do not use or share it and delete it. Unless specifically indicated, this message is not an offer to sell or a solicitation of any investment products or other financial product or service, an official confirmation of any transaction, or an official statement of Merrill Lynch. Subject to applicable law, Merrill Lynch may monitor, review and retain e-communications (EC) traveling through its networks/systems. The laws of the country of each sender/recipient may impact the handling of EC, and EC may be archived, supervised and produced in countries other than the country in which you are located. This message cannot be guaranteed to be secure or error-free. This message is subject to terms available at the following link: http://www.ml.com/e-communications_terms/. By messaging with Merrill Lynch you consent to the foregoing.
--------------------------------------------------------