Wireshark · Ethereal-dev: Re: [Ethereal-dev] New feature to Find. Search all PD structures for ASCII or HEX data.

Ethereal-dev: Re: [Ethereal-dev] New feature to Find. Search all PD structures for ASCII or HE

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Fri, 18 Jul 2003 14:19:06 -0700


On Friday, July 18, 2003, at 10:13 AM, Greg Morris wrote:

Please consider this new addition. Many times I have been asked whyEthereal cannot search the hex data for a pattern of characters or hexvalues. I spent a little time adding this new functionality.


You might want to look at using, for example, a Boyer-Moore search:

http://www.cs.utexas.edu/users/moore/best-ideas/string-searching/index.html

as it's faster than the quadratic-time simple search you appear to bedoing. (Gilbert, what search algorithm are you using?)

Hex patterns should probably be turned into binary patterns before thesearch starts.

The direct "search for a text or binary string anywhere in the packet"UI could perhaps be done as "frame contains <string>" in a displayfilter, which would allow it to be used in Tethereal as well, and wouldlet that feature share code with Gilbert's stuff.

References:
- [Ethereal-dev] New feature to Find. Search all PD structures for ASCII or HEX data.
  - From: Greg Morris

Prev by Date: Re: [Ethereal-dev] Can't build on Windows due to Winsock2 errors.
Next by Date: Re: [Ethereal-dev] Can't build on Windows due to Winsock2 errors.
Previous by thread: Re: [Ethereal-dev] New feature to Find. Search all PD structures for ASCII or HEX data.
Next by thread: [Ethereal-dev] Can't build on Windows due to Winsock2 errors.
Index(es):
- Date
- Thread