Wireshark-users: Re: [Wireshark-users] Display filter


From: "Irakli Natshvlishvili" <iraklin@xxxxxxxxx>
Date: Thu, 3 May 2007 15:04:11 -0800

Gerald,

Thank you Sir! Your solution works.

Also, could you clarify what type of regex Wireshark supports?

Here is the example - if there is a one line string:

sip:@10.10.10.20

What would be the regex which will find all packets matching "sip:" followed by "@" when there are zero or more whitespace chars between "sip:" and "@"?

I want to find out whether a regex can be written for Wireshark for the case where string1 is followed by 0 or more (1 or more, exactly nn times, more than n but less than m) whitespace (or alphanumeric or CRLF) characters before string2. The above example is one such case; my previous question, about CRLF, was another.

Thanks, everybody, for your help.

--i.n.

On 5/3/07, Gerald Combs <gerald@xxxxxxxxxxxxx> wrote:
Normally, the '.' metacharacter doesn't match line-ending characters.
You can force it to span multiple lines using the 's' option, like so:

    (?s)Via.*Via
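
The constructs discussed in this message, as an added example that is not part of the original thread: Python's `re` module stands in for the Perl-compatible regex engine behind Wireshark's `matches` operator (an assumption that holds for the quantifiers, `\s` and `(?s)` used here). The SIP payload and the `between` and `find` helpers are constructed for illustration.

```python
import re

# Constructed SIP payload (sample data, not taken from the thread).
SAMPLE = (
    "INVITE sip:   @10.10.10.20 SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 10.10.10.1:5060\r\n"
    "Via: SIP/2.0/UDP 10.10.10.2:5060\r\n"
    "To: <sip:@10.10.10.20>\r\n"
)


def between(first, second, gap=r"\s", lo=0, hi=None):
    """Pattern for `first`, then lo..hi repetitions of `gap`, then `second`.

    hi=None means "no upper bound". The two literal strings are escaped so
    that characters such as '.' in them are not read as metacharacters.
    `gap` is a regex fragment: r"\\s" (whitespace), r"\\w" (alphanumeric),
    or r"\\r\\n" (one CRLF pair, repeated as a unit).
    """
    if hi is None:
        quant = "*" if lo == 0 else "+" if lo == 1 else "{%d,}" % lo
    elif lo == hi:
        quant = "{%d}" % lo
    else:
        quant = "{%d,%d}" % (lo, hi)
    return re.escape(first) + "(?:" + gap + ")" + quant + re.escape(second)


def find(pattern, text):
    """Return every substring of `text` matched by `pattern`."""
    return [m.group(0) for m in re.finditer(pattern, text)]


if __name__ == "__main__":
    cases = {
        "zero or more whitespace": between("sip:", "@"),
        "one or more whitespace": between("sip:", "@", lo=1),
        "two to three whitespace": between("sip:", "@", lo=2, hi=3),
        "exactly one CRLF": between("5060", "Via", gap=r"\r\n", lo=1, hi=1),
        # '.' stops at the line feed, so this finds nothing in SAMPLE...
        "Via.*Via without (?s)": r"Via.*Via",
        # ...while (?s) lets '.' cross line endings, as described above.
        "Via.*Via with (?s)": r"(?s)Via.*Via",
    }
    for label, pattern in cases.items():
        print("%-26s %-28r %r" % (label, pattern, find(pattern, SAMPLE)))
```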
