Wireshark · Wireshark-dev: Re: [Wireshark-dev] Byte matching

Wireshark-dev: Re: [Wireshark-dev] Byte matching

From: Matteo Pelliccia <matteo.pelliccia@xxxxxxxxx>

Date: Wed, 28 May 2014 11:47:34 +0200

Hi Jeff,

thank you for your answear. I was looking at the code, for what I understood the matching is held by the function dfvm_apply. Are there any connection beetween the structure dfilter_t and the original pcap file? I can print the value matched pretty easily.

Matteo

2014-05-27 22:39 GMT+02:00 Jeff Morriss <jeff.morriss.ws@xxxxxxxxx>:

On 05/26/14 04:07, Matteo Pelliccia wrote:

Hi to all,
maybe it's a silly question. Is it possibile to know what byte match in
display filter _expression_? For example if I have a pcap file with some
packet and I run tshark with -Y option I would like to know which bytes
match that _expression_, is it possibile?

Unfortunately no, not today. There's been some discussion of highlighting the field (if not the bytes) in the GUI (there's probably a bug requesting that) but this is the first time I've heard of it for tshark.

___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request@wireshark.org?subject=unsubscribe

References:
- [Wireshark-dev] Byte matching
  - From: Matteo Pelliccia
- Re: [Wireshark-dev] Byte matching
  - From: Jeff Morriss

Prev by Date: Re: [Wireshark-dev] wireshark-only capture format
Next by Date: [Wireshark-dev] Wireshark PEEKREMOTE decoding packets from Cisco Sniffer APs incorrecty
Previous by thread: Re: [Wireshark-dev] Byte matching
Next by thread: [Wireshark-dev] I think the following patch fixes the longstanding bug in the SPNEGO dissector
Index(es):
- Date
- Thread