Wireshark-dev: Re: [Wireshark-dev] Seaching in the data pane would be useful ...
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: ronnie sahlberg <ronniesahlberg@xxxxxxxxx>
Date: Fri, 9 Aug 2013 09:30:18 -0700
On Fri, Aug 9, 2013 at 9:02 AM, Richard Sharpe
<realrichardsharpe@xxxxxxxxx> wrote:
> On Fri, Aug 9, 2013 at 8:52 AM, Christopher Maynard
> <Christopher.Maynard@xxxxxxxxx> wrote:
>> Richard Sharpe <realrichardsharpe@...> writes:
>>
>>> I can across a capture yesterday where there were DNS queries for a
>>> KDC in a Windows AD environment. The query returned 230 KDCs!
>>>
>>> Searching for a particular one was hard.
>>>
>>> It would be nice to have a right click menu item in either the details
>>> pane or the data pane where you can search for a particular string (or
>>> chars or hex equivalent) and have the string highlighted in the data
>>> pane and the detail pane sync'd to that.
>>>
>>
>> Isn't there a filter you can use, such as: dns.qry.name == "The KDC name"?
>>
>> Alternatively, it seems you're referring to the Edit -> Find Packet (Ctrl+F)
>> functionality, combined with Edit -> Find Next (Ctrl+N) and/or Edit -> Find
>> Previous (Ctrl+B).  Is there something that feature doesn't provide that
>> you're looking for?
>
> Sure, I can do the search, and I did, but the actual info I am
> interested in, like the priority, etc, is buried among 230 entries and
> I have to patiently scroll until I find it.
>
> That is hard to do.

You can use
CTRL-F String/PacketDetails <text-to-match>
That should work for your use-case    but it would probably be even
better if the normal "Displayfilter" search would do it too, where
possible.