Wireshark · Wireshark-users: Re: [Wireshark-users] Display Filter for text string in TCP payload

Wireshark-users: Re: [Wireshark-users] Display Filter for text string in TCP payload

From: Sake Blok <sake@xxxxxxxxxx>

Date: Tue, 8 Apr 2008 23:02:35 +0200

On Tue, Apr 08, 2008 at 10:39:44PM +0200, Luis EG Ontanon wrote:
> On Tue, Apr 8, 2008 at 10:28 PM, Feeny, Michael (GWM-CAI)
> <michael_feeny@xxxxxx> wrote:
> >
> > I would like to filter on all TCP packets that have a particular text string
> > in the payload of the packet.  I tried doing this by saying???
> >
> >         tcp.segment contains "sometext"
> >
> > Or simply???
> >
> >         tcp contains "sometext"
> >
> > ??? but neither approach worked.
>
> what about
> frame contains "abcde"
> does that do?

Hmmm... 'tcp contains "PASS"' does display the packets with
the FTP pass command in my trace. I'm wondering why it does
not work for you?

Cheers,
    Sake

Follow-Ups:
- Re: [Wireshark-users] Display Filter for text string in TCP payload
  - From: Feeny, Michael (GWM-CAI)

References:
- [Wireshark-users] Display Filter for text string in TCP payload
  - From: Feeny, Michael (GWM-CAI)
- Re: [Wireshark-users] Display Filter for text string in TCP payload
  - From: Luis EG Ontanon

Prev by Date: Re: [Wireshark-users] Display Filter for text string in TCP payload
Next by Date: Re: [Wireshark-users] Looking for some help or advice with an issue
Previous by thread: Re: [Wireshark-users] Display Filter for text string in TCP payload
Next by thread: Re: [Wireshark-users] Display Filter for text string in TCP payload
Index(es):
- Date
- Thread