FWIW I use ngrep against any libpcap.gz files I
generate from
tethereal. Maybe something in there that could be used
for stuff like the -X option.
Just an idea.
--- Gerald Combs <gerald@xxxxxxxxxxxx> wrote:
> On Thu, 12 Sep 2002, Mathias Koerber wrote:
>
> > how can I (display) filter on packets which
> contain an arbitrary
> > string anywhere inside the packet?
> >
> > >From the list of fields I can guess that I need
> to use the �data�
> > field, but I cannot fgure out how to express the
> rest. The substring
> > functions seem to require me specifying known
> locations, but
> > as yet I have no idea where in the packet mystring
> will turn up.
> >
> > IOW, I'm looking for something like
> > $date =~ /mystring/;
>
> Ethereal doesn't support this at the present time.
> It is a
> frequently-requested feature, however.
>
> Does anyone know of any regular expression libraries
> that
>
> Are portable across the platforms Ethereal runs
> on,
>
> Are fast, and
>
> Support matches against data types that the
> average Ethereal user would
> need, such as hexadecimal values?
>
>
> _______________________________________________
> Ethereal-dev mailing list
> Ethereal-dev@xxxxxxxxxxxx
>
http://www.ethereal.com/mailman/listinfo/ethereal-dev
=====
Jaime Fournier
__________________________________________________
Do you Yahoo!?
Yahoo! News - Today's headlines
http://news.yahoo.com