["Gaudineer, Kevin" <GAUDINKL@xxxxxxx>]

Not sure if this is possible but at one time I thought I had read an article (or post) about doing a fuzzy search with a Wireshark trace.  My scenario is that I am trying to chase a issue but it is unknown when the issue will happen.  So the support team has handed me a series of trace files that span several hours.  What I know is that the issue they want me to find is during a file transfer and the filenames to have a series of characters that are consistent during the transfer. 

 

What I am trying to do is merge some of the trace files together around the time frame they gave when this issue happened, and I am trying to create a filter using a display filter with ‘smb.file == {fuzzy search _expression_ here} ‘  but I am not having luck.  Is it possible to do a search this way or should I just be trying to do the search with offsets?

 

Kevin L. Gaudineer

Phone: (515)-241-7745

Cell:  (515)-205-3069

Email:  gaudinkl@xxxxxxx

 

 

 

         ********************************************

This message and accompanying documents are covered by the 
Electronic Communications Privacy Act, 18 U.S.C. Â§Â§ 2510-2521, 
and contain information intended for the specified individual(s) only. 
This information is confidential. If you are not the intended recipient 
or an agent responsible for delivering it to the intended recipient, you 
are hereby notified that you have received this document in error and 
that any review, dissemination, copying, or the taking of any action 
based on the contents of this information is strictly prohibited. If you 
have received this communication in error, please notify us immediately 
by e-mail, and delete the original message.

        *********************************************