I have rececently found the "contains" filter in wireshark which is VERY powerful. For instance, if I only want to see http packets that contain the string "SOAP" I could used the filter "http contains SOAP". However, if I wish to use the filter to show http packts that DONT contain the string SOAP, I can not do it! I have tried using the following without success.
http contains !(SOAP)
http contains !SOAP
http !contains SOAP
Does anyone know a way to negatiate the "contains" filter?
Thanks,
George