Hi. In the past, I have used "tcp contains <string>" to filter on packets containing a certain string. In the more recent past, I seem to be having problems getting this to work. Here is an example from today...
With a trace file open, applying the filter [tcp contains "prgetWindows"] finds zero packets. However, if I do Edit -> Find Packet... and enter prgetWindows, as a string, I find lots of packets.
(and, Yes, the packets are TCP packets :-) )
What am I doing wrong, or not understanding?
thx all, Michael
asked 18 Sep '10, 08:26
answered 25 Sep '10, 16:07
Gerald Combs ♦♦
One difference between the find function and "tcp contains ..." is that the find function will by default use a case insensitive search. What happens when you select "case sensitive" in the find function, does it also not find any packets?
And does the filter tcp matches "[Pp][Pr][Gg][Ee][Tt][Ww][Ii][Nn][Dd][Oo][Ww][Ss]" show any packets?
If so, then it's a case issue. If not we need to look deeper, but then it would be handy to be able to look at the capture file, can you post it somewhere as this site does not (yet) have file-upload capabilities?
answered 18 Sep '10, 09:03