George Vandelet wrote:
> I have recently found the "contains" filter in wireshark which is VERY
> powerful. For instance, if I only want to see http packets that contain
> the string "SOAP" I could use the filter "http contains SOAP".
> However, if I wish to use the filter to show http packets that DON'T
> contain the string SOAP, I cannot do it! I have tried using the
> following without success.
> http contains !(SOAP)
> http contains !SOAP
> http !contains SOAP
>
> Does anyone know a way to negate the "contains" filter?
Try
http and not http contains "SOAP"
You can also use "matches" which allows regular expressions including
case-insensitive matching:
http and not http matches "(?i)soap"