Ethereal: [Ethereal-users] simple frame data evaluation?

Ethereal-users: May 2003

Subject: [Ethereal-users] simple frame data evaluation?
From: "Jon Baer" <jonbaer@xxxxxxxxxxx>
Date: Tue, 6 May 2003 06:59:21 -0700

what is the display filter expression to test for a true statement no matter
what protocol is present?  how to do a simply query on a frame's data?

i just noticed what i wanted to do was in the wishlist but i think it's
already present, # 34:

34. Add a display filter "match string" operator, which is similar to the
"==" operator, but operates only on strings and byte arrays, and matches if
the string in question appears anywhere in the item being tested. This would
allow users to search for packets that contain a string anywhere in the
packet (frame[0:] =~ "hi, there"), and anywhere in or after any particular
protocol's header. A regular-expression match might also be useful.

non existant @ the moment or am i missing something?  and wouldn't this
kinda be like putting snort-like features directly into ethereal?

thanks.

- jon

Follow-Ups:
- Re: [Ethereal-users] simple frame data evaluation?
  - From: Guy Harris

Prev by Date: Re: [Ethereal-users] Stupid question
Next by Date: Re: [Ethereal-users] Receive Only on AIX 4.3
Previous by thread: Re: [Ethereal-users] Other files included in ethereal package
Next by thread: Re: [Ethereal-users] simple frame data evaluation?
Index(es):
- Date
- Thread