This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Filter for packets containing “If-Modified-Since”

0

I am trying to figure out a display filter to find any packets containing "If-Modified-Since" indicating they have the element they are looking for in cache. I did a right-click, Aplly as Filter, Selected, but this is ineffective since it applies a very long filter looking for the If-Modified-Since and the full time-stamp. An example looks like:

frame[804:50] == 49:66:2d:4d:6f:64:69:66:69:65:64:2d:53:69:6e:63:65:3a:20:54:75:65:2c:20:30:34:20:41:75:67:20:32:30:30:39:20:32:31:3a:32:33:3a:30:39:20:47:4d:54:0d:0a

Other display filters I have tried:

data contains "If-Modified-Since"

data matches "If-Modified-Since"

data-text-lines matches "If-Modified-Since"

data-text-lines contains "If-Modified-Since"

And I have experimented with the "text" display filter (which I cannot find in the Display Filter Reference or in the expressions window).

I'm stumped. Anybody have an idea how to find If-Modified-Since in any packet that contains it?

Thanks in advance...

asked 07 Nov '13, 08:45

kpalmgren's gravatar image

kpalmgren
1446
accept rate: 0%


One Answer:

2

http matches "If-Modified-Since"

answered 07 Nov '13, 11:24

Jim%20Aragon's gravatar image

Jim Aragon
7.2k733118
accept rate: 24%

Excellent! Thank you.

(07 Nov '13, 11:32) kpalmgren