Wireshark-users: Re: [Wireshark-users] Display Filter for text string in TCP payload

From: "Luis EG Ontanon" <luis@xxxxxxxxxxx>
Date: Tue, 8 Apr 2008 22:39:44 +0200
what about
frame contains "abcde"
does that do?


On Tue, Apr 8, 2008 at 10:28 PM, Feeny, Michael (GWM-CAI)
<michael_feeny@xxxxxx> wrote:
>
>
>
>
> Hello,
>
> I've been using Wireshark (Ethereal) for years, but I've never figured out
> how to do this.  Maybe it can't be done…
>
> I would like to filter on all TCP packets that have a particular text string
> in the payload of the packet.  I tried doing this by saying…
>
>         tcp.segment contains "sometext"
>
> Or simply…
>
>         tcp contains "sometext"
>
> … but neither approach worked.
>
> I *can* find the desired data via Edit/Find, but of course, that only finds
> one packet at a time - it's not a display filter.
>
> Is there a way to do what I want?
>
> Thx all,
> Michael
>
> Michael Feeny
> Global Wealth Management Technology
> Network and Security Integration
> Office: 609-274-2761
> Mobile:  484-995-1745
> AOL IM: feenyman99
> Pager:  888-merril0
>
>  ________________________________
>
> This message w/attachments (message) may be privileged, confidential or
> proprietary, and if you are not an intended recipient, please notify the
> sender, do not use or share it and delete it. Unless specifically indicated,
> this message is not an offer to sell or a solicitation of any investment
> products or other financial product or service, an official confirmation of
> any transaction, or an official statement of Merrill Lynch. Subject to
> applicable law, Merrill Lynch may monitor, review and retain
> e-communications (EC) traveling through its networks/systems. The laws of
> the country of each sender/recipient may impact the handling of EC, and EC
> may be archived, supervised and produced in countries other than the country
> in which you are located. This message cannot be guaranteed to be secure or
> error-free. This message is subject to terms available at the following
> link: http://www.ml.com/e-communications_terms/. By messaging with Merrill
> Lynch you consent to the foregoing.
>  ________________________________
>
>
> _______________________________________________
>  Wireshark-users mailing list
>  Wireshark-users@xxxxxxxxxxxxx
>  http://www.wireshark.org/mailman/listinfo/wireshark-users
>
>



-- 
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan