This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I'm looking for a way to filter the contents of a packet for social security numbers using wildcards (-**-*).

Our UTM uses a built-in regular expression to identify US SSNs passing through it. The UTM will notify us when it identifies a match, but we've been unable to validate it. I'm looking to see if the UTM is properly identifying them or if it is a false positive.

Any assistance you could provide would be much appreciated.

Please let me know if you have any questions.

asked 01 Apr '15, 09:05

invadingrabbit


Please try this:

frame matches "-\d+-\d+-"

contains allows you to use regular expressions in display filters.

HINT: If the data is transmitted over encrypted channels (HTTPS) you won't see anything and if the data is transmitted in binary form, the ASCII based regular expression won't match either.

If you can provide a capture file with a social security number in it, I will check if it's possible to match that with the mentioned filter.

Regards
Kurt

answered 01 Apr '15, 09:33

Kurt Knochner ♦
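An offline check for the validation task in the question, added here as an example and not code from the original thread: it scans payload bytes (for instance, exported from the capture) for SSN-shaped ASCII strings and marks those that fail the SSA's structural rules (area 000, 666 or 900-999, group 00, serial 0000), which are likely false positives. The function names and sample payloads are constructed for illustration; as the answer notes, encrypted or binary-encoded data will not match.

```python
import re

# SSN-shaped ASCII text: 3-2-4 digits with hyphens, not embedded in a
# longer digit/hyphen run (order references, tracking numbers, ...).
SSN_RE = re.compile(rb"(?<![\d-])(\d{3})-(\d{2})-(\d{4})(?![\d-])")


def is_issuable(area: int, group: int, serial: int) -> bool:
    """Structural rules: these field values are never assigned by the SSA."""
    if area == 0 or area == 666 or area >= 900:
        return False
    return group != 0 and serial != 0


def scan_payload(payload: bytes):
    """Return (offset, text, issuable) for each SSN-shaped string in payload."""
    hits = []
    for m in SSN_RE.finditer(payload):
        area, group, serial = (int(g) for g in m.groups())
        hits.append((m.start(), m.group(0).decode("ascii"),
                     is_issuable(area, group, serial)))
    return hits


# Constructed sample payloads (not taken from any real capture).
SAMPLES = {
    # Plain-text form post: should be reported as a plausible SSN.
    "http-form": b"POST /apply HTTP/1.1\r\n\r\nname=Jane&ssn=219-09-9999&zip=12345",
    # Right shape, but area 000 is never issued: likely false positive.
    "order-id": b"GET /order/000-12-3456 HTTP/1.1\r\n",
    # Digits embedded in a longer reference number: not a candidate at all.
    "ref": b"ref=20150401-123-45-67890",
    # Same digits packed in binary form: an ASCII regex cannot see them.
    "binary": bytes.fromhex("219099999f00"),
}


def triage(samples):
    """Map each sample name to the list of hits found in its payload."""
    return {name: scan_payload(data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, hits in triage(SAMPLES).items():
        print(name, hits or "no match")
```

Comparing the offsets and verdicts with the packets the UTM alerted on shows which alerts correspond to a structurally possible SSN and which only have the right shape.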

question asked: 01 Apr '15, 09:05

question was seen: 5,056 times

last updated: 01 Apr '15, 09:33