I'm looking for a way to filter the contents of a packet for social security numbers using wildcards (-**-*). Our UTM uses a built-in regular expression to identify US SSNs passing through it. The UTM will notify us when it identifies a match, but we've been unable to validate it. I'm looking to see if the UTM is properly identifying them or if it is a false positive. Any assistance you could provide would be much appreciated. Please let me know if you have any questions.

asked 01 Apr '15, 09:05 invadingrabbit
One Answer:
Please try this:
contains allows you to use regular expressions in display filters.

HINT: If the data is transmitted over encrypted channels (HTTPS), you won't see anything, and if the data is transmitted in binary form, the ASCII-based regular expression won't match either.

If you can provide a capture file with a social security number in it, I will check if it's possible to match that with the mentioned filter.

Regards

answered 01 Apr '15, 09:33 Kurt Knochner
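One way to triage the UTM's alerts offline, as an added example that is not part of the original question or answer: run the payload bytes of a flagged stream through an SSN-shaped pattern and then apply the SSA structural rules (area 000, 666 and 900-999, group 00 and serial 0000 were never issued), so order numbers and phone numbers are separated from plausible SSNs. The UTM's built-in pattern is not shown on the page, so the regular expression here is an assumption, and the sample payloads are constructed.

```python
import re

# SSN-shaped token: 3-2-4 digits with hyphens, not embedded in a longer
# digit/hyphen run. Assumed pattern; the UTM's own regex is not on the page.
SSN_SHAPE = re.compile(rb"(?<![\d-])(\d{3})-(\d{2})-(\d{4})(?![\d-])")


def classify(area: bytes, group: bytes, serial: bytes) -> str:
    """Apply SSA structural rules; these field values were never issued."""
    if area in (b"000", b"666") or area[:1] == b"9":
        return "invalid-area"
    if group == b"00":
        return "invalid-group"
    if serial == b"0000":
        return "invalid-serial"
    return "plausible"


def scan_payload(payload: bytes):
    """Return (offset, matched text, verdict) for each SSN-shaped token."""
    return [
        (m.start(), m.group(0).decode("ascii"), classify(*m.groups()))
        for m in SSN_SHAPE.finditer(payload)
    ]


# Constructed sample payloads (not taken from any real capture).
SAMPLES = {
    # Cleartext form post: the case the UTM should flag.
    "http-form": b"POST /apply HTTP/1.1\r\n\r\nname=Jane&ssn=123-45-6789&zip=30301",
    # SSN-shaped reference number with an area that was never issued.
    "order-id": b"GET /track?ref=000-12-3456 HTTP/1.1\r\n",
    # Phone number and a longer part number: no standalone 3-2-4 token.
    "phone-like": b"call 1-555-867-5309 or part no 4123-45-67890",
    # Same digits in UTF-16: the ASCII pattern cannot match (see the HINT).
    "utf16": "ssn 123-45-6789".encode("utf-16-le"),
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(f"{name:10s} {scan_payload(payload) or 'no match'}")
```

A "plausible" verdict only means the token is structurally valid; whether it is a real SSN still has to be confirmed from the surrounding fields.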