Wireshark-users: Re: [Wireshark-users] Display filter
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: "Irakli Natshvlishvili" <iraklin@xxxxxxxxx>
Date: Thu, 3 May 2007 15:04:11 -0800
Gerald,

Thank you Sir! Your solution works.

Also, could you clarify what type of regex wireshark supports?

Here is the example - if there is a one line string:

sip:@10.10.10.20

What would be regex which will find all packets matching "sip:" followed by "@" when there are zero or more whitespace chars between "sip:" and "@"?

I want to find out if a regex when  a string1 is followed by 0 or more (1 or more, exactly nn times, more then n, but less then m) whilespace (or alphanumerical or CLRF) characters before string2 can be written for wireshark. Above example is one of such case, my previous question, about CLRF was another.

 Thank everybody for your help.

--i.n.

On 5/3/07, Gerald Combs <gerald@xxxxxxxxxxxxx> wrote:
Normally, the '.' metacharacter doesn't match line-ending characters.
You can force it to span multiple lines using the 's' option, like so:

    (?s)Via.*Via