
Wireshark-users: Re: [Wireshark-users] Fuzzy searches ?? (Possible)

From: "Gaudineer, Kevin" <GAUDINKL@xxxxxxx>
Date: Tue, 26 May 2009 16:50:49 -0500
This is embarrassing, but that was the trick.  Thanks for the help...
:)

 
 
Iowa Health System
Kevin L. Gaudineer
Phone:  (515)-241-7745
Cell:  (515)-205-3069
-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of
j.snelders@xxxxxxxxxx
Sent: Tuesday, May 26, 2009 3:31 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Fuzzy searches ?? (Possible)

Hi Kevin,

What about this display filter:
smb.file contains "File Name"

Hope this helps
Joan


On Tue, 26 May 2009 14:32:31 -0500 Kevin Gaudineer wrote:
>
>Not sure if this is possible but at one time I thought I had read an
>article (or post) about doing a fuzzy search with a Wireshark trace. My
>scenario is that I am trying to chase an issue but it is unknown when the
>issue will happen.  So the support team has handed me a series of trace
>files that span several hours.  What I know is that the issue they want
>me to find is during a file transfer and the filenames to have a series
>of characters that are consistent during the transfer.
>
>What I am trying to do is merge some of the trace files together around
>the time frame they gave when this issue happened, and I am trying to
>create a filter using a display filter with 'smb.file == {fuzzy search
>expression here} '  but I am not having luck.  Is it possible to do a
>search this way or should I just be trying to do the search with
>offsets?
>
>Kevin L. Gaudineer
>Phone: (515)-241-7745
>Cell:  (515)-205-3069
>Email:  gaudinkl@xxxxxxx


       


___________________________________________________________________________
Sent via:    Wireshark-users mailing list
<wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
 
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
         ********************************************

This message and accompanying documents are covered by the 
Electronic Communications Privacy Act, 18 U.S.C. §§ 2510-2521, 
and contain information intended for the specified individual(s) only. 
This information is confidential. If you are not the intended recipient 
or an agent responsible for delivering it to the intended recipient, you 
are hereby notified that you have received this document in error and 
that any review, dissemination, copying, or the taking of any action 
based on the contents of this information is strictly prohibited. If you 
have received this communication in error, please notify us immediately 
by e-mail, and delete the original message.

        *********************************************
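
The workflow discussed in this thread (merge the trace files, then substring-match on `smb.file`), as an added example that is not part of the original messages. It assumes `mergecap` and `tshark` are installed; the function names and any file names passed in are hypothetical, and `-Y` is the current tshark option for a display filter.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Build a display filter doing a literal substring match on smb.file.
# SMB paths usually contain backslashes, and a fragment taken from a
# ticket or log may contain double quotes; both are escaped so the
# fragment cannot end the quoted string and alter the filter.
smb_file_filter() {
    escaped=$(printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g')
    printf 'smb.file contains "%s"' "$escaped"
}

# Merge the given captures chronologically (mergecap's default) and
# print frame number, timestamp and file name for every matching frame.
# usage: find_smb_file FRAGMENT trace1.pcap [trace2.pcap ...]
find_smb_file() {
    fragment=$1
    shift
    merged=$(mktemp) || return 1
    mergecap -w "$merged" "$@" || { rm -f "$merged"; return 1; }
    tshark -r "$merged" -Y "$(smb_file_filter "$fragment")" \
        -T fields -e frame.number -e frame.time -e smb.file
    status=$?
    rm -f "$merged"
    return $status
}
```

For a pattern rather than a fixed substring, the display-filter `matches` operator takes a regular expression in place of `contains`.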