How in Wireshark do I find TCP packets containing in their data a string consisting of 4 digits plus a semicolon? I have tried matches with strings \d\d\d\d; and [0-9]{4}; and various others but it rejects them all as not a valid byte string. Thanks - Rowan
asked 23 Nov '12, 09:53 Rowan
One Answer:
This works for me with Wireshark 1.8.3 (Win XP).
Match a 4 digit ASCII string
Match a time string, like 09:05:15
However, this will only match ASCII in the TCP payload. Do you want to match ASCII values or binary digits? Regards
answered 23 Nov '12, 10:26 Kurt Knochner ♦ edited 23 Nov '12, 10:26
You probably meant tcp.data.
The match on tcp.data does not work. I have not yet checked why.
Hmm. It seems to work for me (as in, it properly filters packets in the list that match the pattern). I'm running Wireshark 1.8.1 in OSX.
I tested with WinXP. Test with Ubuntu follows.
It also works for me in Wireshark 1.9.0 in Windows 7.
Thank you. I'm sure I tried this before, but now I find that this works fine. It is the ASCII data that I'm trying to filter.
Rowan
@Rowan
I converted your "answer" to a comment as that is how this site works, please read the FAQ for more info.
If an answer solves your issue please accept it by clicking the checkmark icon next to the answer as this helps other users of the site with a similar question. This is also in the FAQ.
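An added example, not part of the original thread: a Python check that applies the asker's pattern `[0-9]{4};` as a bytes regex to the TCP payload only of a raw IPv4 packet, and shows why the scope of the match matters, since header bytes can also happen to spell ASCII digits. The function names and the sample packets are constructed for illustration.

```python
import re
import struct

# The asker's pattern as a bytes regex: four ASCII digits followed by ';'
PATTERN = re.compile(rb"[0-9]{4};")

def tcp_payload(ip_packet: bytes) -> bytes:
    """Return the TCP payload of a raw IPv4 packet, or b'' if not TCP or malformed."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        return b""
    ihl = (ip_packet[0] & 0x0F) * 4                 # IPv4 header length in bytes
    total_len = struct.unpack("!H", ip_packet[2:4])[0]
    if ihl < 20 or ip_packet[9] != 6:               # protocol 6 = TCP
        return b""
    if total_len > len(ip_packet) or total_len < ihl + 20:
        return b""
    segment = ip_packet[ihl:total_len]
    data_offset = (segment[12] >> 4) * 4            # TCP header length in bytes
    if data_offset < 20 or data_offset > len(segment):
        return b""
    return segment[data_offset:]

def find_matches(ip_packet: bytes) -> list:
    """All payload substrings that match the pattern."""
    return PATTERN.findall(tcp_payload(ip_packet))

def build_packet(payload: bytes, seq: int = 0, ack: int = 0) -> bytes:
    """Constructed sample: minimal IPv4 + TCP packet, checksums left at zero."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, seq, ack, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     0, 0, 64, 6, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + tcp + payload

if __name__ == "__main__":
    hit = build_packet(b"id=4711;time=09:05:15")
    print(find_matches(hit))                        # match in the payload

    # Sequence number bytes spell "1234" and the ack number starts with ';':
    # a match over the whole segment fires on the header, the payload match does not.
    decoy = build_packet(b"no digits here", seq=0x31323334, ack=0x3B000000)
    print(find_matches(decoy), bool(PATTERN.search(decoy[20:])))
```
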