
Wireshark-users: Re: [Wireshark-users] Display filter

From: Gerald Combs <gerald@xxxxxxxxxxxxx>
Date: Wed, 02 May 2007 12:09:04 -0700
The Windows version ships with PCRE.  Did you try typing in the filter,
and does it turn green?

Irakli Natshvlishvili wrote:
> Yaah, I dug into docs and found that regex could be used in display filters.
> 
> Unfortunately, the Windows installer for Wireshark does not have PCRE
> support. Am I right?
> 
> Do I understand correctly, that I need to re-compile Wireshark from the
> source under Windows to have regex support?
> 
> If yes, then, well, sorry, I can't do it...
> 
> --i.n.
> 
> On 5/2/07, *Gerald Combs* <gerald@xxxxxxxxxxxxx
> <mailto:gerald@xxxxxxxxxxxxx>> wrote:
> 
>     Irakli Natshvlishvili wrote:
>     > Question:
>     >
>     > Using display filters is there a way to find if a particular string
>     > occurs more than once in a packet?
>     >
>     > For example, if there is a UDP packet which has payload "this is one
>     > 1234 two one test", then filtering via UDP contains "one" will display
>     > this UDP packet.
>     >
>     > But I want to filter ALL packets, where this particular string occurs
>     > more than once.
>     >
>     > Any way to do it?
> 
>     If you have PCRE support compiled in, you can use something like
> 
>         udp matches "one.*one"
> 
>     That translates to "the string 'one' followed by zero or more characters
>     followed by the string 'one'."  The "matches" operator supports
>     Perl-compatible regular expressions, which are described at
>     http://perldoc.perl.org/perlre.html .
> 
>     You can check for PCRE support via "Help->About Wireshark" or by using
>     the "-v" command-line flag.  You can also type in the filter above and
>     see if the display filter entry turns green.
>     _______________________________________________
>     Wireshark-users mailing list
>     Wireshark-users@xxxxxxxxxxxxx <mailto:Wireshark-users@xxxxxxxxxxxxx>
>     http://www.wireshark.org/mailman/listinfo/wireshark-users
> 
> -- 
> I.N .
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-users
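
The "one.*one" pattern from the thread, run over a few payloads as an added example (not part of the original messages). Python's `re` module stands in for PCRE here; in both, `.` does not match a newline unless `(?s)` is set, so a repeat that spans a line break is missed by the plain pattern. The payloads are constructed and the function names are hypothetical.

```python
import re

# Constructed sample UDP payloads (not taken from a real capture).
SAMPLES = {
    "twice": b"this is one 1234 two one test",
    "once": b"this is one 1234 two test",
    "adjacent": b"oneone",
    "binary_gap": b"one\x00\xff\x80one",
    "across_newline": b"one\r\nheader: one",
}


def matches(pattern: bytes, payload: bytes) -> bool:
    """Unanchored search over the raw payload bytes, like a 'matches' filter."""
    return re.search(pattern, payload) is not None


def repeated(needle: bytes, dotall: bool = False) -> bytes:
    """Build needle.*needle, optionally prefixed with (?s)."""
    n = re.escape(needle)  # treat the search string literally
    return (b"(?s)" if dotall else b"") + n + b".*" + n


def evaluate(needle: bytes = b"one") -> dict:
    """Per sample: (true occurrence count, plain pattern hit, (?s) pattern hit)."""
    plain, dotall = repeated(needle), repeated(needle, dotall=True)
    return {
        name: (payload.count(needle), matches(plain, payload), matches(dotall, payload))
        for name, payload in SAMPLES.items()
    }


if __name__ == "__main__":
    for name, (count, plain_hit, dotall_hit) in evaluate().items():
        print(f"{name:15} count={count} one.*one={plain_hit} (?s)one.*one={dotall_hit}")
```

For text protocols whose payloads contain CRLF line endings, the corresponding display filter would be `udp matches "(?s)one.*one"`.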