OK, I know when I want to filter out HTTPs which have wanted text in them i type: http.referer contains "text" but what is the command to display all HTTPs except the ones which have certain text in them (which is now unwanted)? asked 15 Dec '13, 13:48  myrddin |
2 Answers:
Try answered 15 Dec '13, 13:56  Guy Harris ♦♦ edited 15 Dec '13, 15:13 |
Another idea: use a filter with a regular expression, that contains the field
Will match all frames with a field Anyway, the regular expression answers your question in the title:
The opposite (as I understand it) is the regular expression shown above: Regards answered 16 Dec '13, 06:42  Kurt Knochner ♦ edited 16 Dec '13, 11:27 |
Hi, it works but it shows all protocols except HTTPs which contain that text. I want to see all HTTP protocols which don't have that text in the referer field. I know this is is probably stupid question, but I skimmed quickly through help and didn't find it and I don;t have time to read it in detail...
OK, I've updated my answer to give a filter that only matches HTTP packets where the Referer: field doesn't contain the specified text.
Works great, thanks!
I think
http.referer and not (http.referer contains "text")would work even better, as not every http packet will contain anhttp.refererfield.Depends on whether he wants "all HTTP messages except for those that have a Referer: field containing the text in question" or "all HTTP messages including a Referer: field that doesn't contain the text in question". The first would be
and the second would be