Normally, the '.' metacharacter doesn't match line-ending characters.
You can force it to span multiple lines using the 's' option, like so:
(?s)Via.*Via
Irakli Natshvlishvili wrote:
> Sake,
>
> I modified the filter, "Via.*\x0d\x0aVia.*" does work for the capture
> I've posted.
>
> But will it work in case the 'Via' headers ARE NOT next to each other?
>
> I mean, if a message looks like this:
>
> To: <sip:[email protected]>;tag=51d14022
> From: 9094354499< sip:[email protected]>;tag=4c3d535f
> Via: SIP/2.0/UDP 10.10.10.10:5060;branch=z9hG4bKD22343432336665633a787.0
> Call-ID: 22e38f2bcdd854c64a1178aa5d6358b2
> Via: SIP/2.0/UDP 10.10.10.100;branch=z9hG4bK-4fe05e85f80de1da371f137b46b23e25;psrrposn=1
> Contact: <sip:4pbueHxLlmmKCczZ-2iiiSB3Y37p6oGYVI7qOS2l5TN2_Oan0FWp60466xKFg..@10.10.10.10>
> Via: SIP/2.0/UDP 10.10.10.50:5065;branch=z9hG4bK-d87543-9b1a2741582f6b580701-1-cHA4NmI1ZmE3MDEzOWRmZjFhMzViZg..-d87543-
> CSeq: 342974572 INVITE
> User-Agent: Tele2100
>
> Will the above filter still work? Unfortunately I do not have a message
> like this to test in Wireshark.
>
> So, in essence my goal is the following:
>
> find a stringA in the packet followed by stringB, when between stringA
> and stringB there could be 0 or more CRLF.
>
> Which in plain English means that stringA and stringB could be in the
> same line (before CRLF), or could be in different lines.
>
> Anyone can help? I'm not a regex guru.
>
> --i.n.
>
> On 5/2/07, *Sake Blok* <sake@xxxxxxxxxx> wrote:
>
> On Wed, May 02, 2007 at 10:05:47PM -0800, Irakli Natshvlishvili wrote:
> > I've just tried. Does not work.
>
> Can you post a small capture file with a few packets that you would
> like to match against?
>
> Cheers,
>
>
> Sake
>
>
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx <mailto:Wireshark-users@xxxxxxxxxxxxx>
> http://www.wireshark.org/mailman/listinfo/wireshark-users
>
>
>
>
> --
> I.N.
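
Added example (not part of the original thread): the three patterns from this exchange, run against constructed SIP header blocks with CRLF line endings, showing which ones match when the Via headers are not adjacent. Python's `re` module is used as a stand-in for the regex engine in Wireshark; the sample messages, the `sip()` helper and the `anchored` pattern are assumptions made for illustration.

```python
import re

CRLF = "\r\n"

def sip(*headers):
    """Build a constructed SIP header block with CRLF line endings."""
    return CRLF.join(("INVITE sip:bob@example.invalid SIP/2.0",) + headers) + CRLF * 2

VIA1 = "Via: SIP/2.0/UDP 10.10.10.10:5060;branch=z9hG4bKaaa"
VIA2 = "Via: SIP/2.0/UDP 10.10.10.100;branch=z9hG4bKbbb"

# Constructed sample messages (not taken from the capture in the thread).
MESSAGES = {
    "adjacent":  sip(VIA1, VIA2, "Call-ID: 1111", "CSeq: 1 INVITE"),
    "separated": sip(VIA1, "Call-ID: 2222", VIA2, "CSeq: 2 INVITE"),
    "single":    sip(VIA1, "Call-ID: 3333", "CSeq: 3 INVITE"),
    # One Via header, but the word "Via" also occurs inside another header value.
    "mention":   sip(VIA1, "Subject: sent Via gateway", "CSeq: 4 INVITE"),
}

PATTERNS = {
    "crlf_adjacent": r"Via.*\x0d\x0aVia.*",   # from the quoted message
    "plain":         r"Via.*Via",             # '.' stops at the line ending
    "dotall":        r"(?s)Via.*Via",         # from the reply
    # Assumption (not from the thread): anchor each "Via:" to the start of a header line.
    "anchored":      r"(?s)\r\nVia:.*?\r\nVia:",
}

def evaluate(message):
    """Return {pattern name: True/False} for one message."""
    return {name: re.search(rx, message) is not None for name, rx in PATTERNS.items()}

def report():
    """Evaluate every pattern against every constructed message."""
    return {label: evaluate(msg) for label, msg in MESSAGES.items()}

if __name__ == "__main__":
    for label, result in report().items():
        print(f"{label:10}", result)
```

The `mention` case shows that `(?s)Via.*Via` also matches a message with a single Via header whenever the text "Via" appears anywhere later in the packet, which is why the anchored variant is included for comparison.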