what about
frame contains "abcde"
does that do?
On Tue, Apr 8, 2008 at 10:28 PM, Feeny, Michael (GWM-CAI)
<michael_feeny@xxxxxx> wrote:
>
>
>
>
> Hello,
>
> I've been using Wireshark (Ethereal) for years, but I've never figured out
> how to do this. Maybe it can't be done…
>
> I would like to filter on all TCP packets that have a particular text string
> in the payload of the packet. I tried doing this by saying…
>
> tcp.segment contains "sometext"
>
> Or simply…
>
> tcp contains "sometext"
>
> … but neither approach worked.
>
> I *can* find the desired data via Edit/Find, but of course, that only finds
> one packet at a time - it's not a display filter.
>
> Is there a way to do what I want?
>
> Thx all,
> Michael
>
> Michael Feeny
> Global Wealth Management Technology
> Network and Security Integration
> Office: 609-274-2761
> Mobile: 484-995-1745
> AOL IM: feenyman99
> Pager: 888-merril0
>
> ________________________________
>
> This message w/attachments (message) may be privileged, confidential or
> proprietary, and if you are not an intended recipient, please notify the
> sender, do not use or share it and delete it. Unless specifically indicated,
> this message is not an offer to sell or a solicitation of any investment
> products or other financial product or service, an official confirmation of
> any transaction, or an official statement of Merrill Lynch. Subject to
> applicable law, Merrill Lynch may monitor, review and retain
> e-communications (EC) traveling through its networks/systems. The laws of
> the country of each sender/recipient may impact the handling of EC, and EC
> may be archived, supervised and produced in countries other than the country
> in which you are located. This message cannot be guaranteed to be secure or
> error-free. This message is subject to terms available at the following
> link: http://www.ml.com/e-communications_terms/. By messaging with Merrill
> Lynch you consent to the foregoing.
> ________________________________
>
>
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-users
>
>
--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan