This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

pattern filter

How to filter either string at once? I wrote something like this:

-Y "tcp contains "hi"" || tcp contains "bye""

but it doesn't work, anyone please help? Thanks

asked 20 Jun '17, 21:36

JJ24

edited 20 Jun '17, 21:37


One Answer:

You have to escape the quotes there:

-Y "tcp contains \"hi\" || tcp contains \"bye\""

That should work. The escape tells the operating system that the next character is not to be interpreted but passed "as is" to the application. Without the escape, the OS will read from quote to quote and break the parameters. This is valid for any application; you can see the effect by creating a shell script (if Linux) or a batch script (if Windows) and running it with the parameters. The script below captures up to 4 parameters; you can expand it as needed.

Linux:

echo "1: '$1', 2: '$2', 3: '$3', 4: '$4'"

Windows:

echo "1: '%1', 2: '%2', 3: '%3', 4: '%4'"

answered 20 Jun '17, 23:21

silvio

edited 21 Jun '17, 08:05
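
Added example, not part of the original answer: a POSIX shell script that shows which arguments a program receives for the unescaped, backslash-escaped and single-quoted forms of the filter. `show_args` is a hypothetical stand-in for tshark, and the unescaped case uses a constructed variant of the question's filter with balanced quotes.

```shell
#!/bin/sh
# Added example (not from the original answer). show_args is a hypothetical
# stand-in for tshark: it returns every argument it received, one per [ ].
show_args() {
    out=""
    for arg in "$@"; do
        out="${out}[${arg}]"
    done
    printf '%s\n' "$out"
}

# Case 1: inner quotes not escaped (constructed, balanced variant of the
# filter in the question). A POSIX shell treats each " as opening or closing
# a quoted run, joins the adjacent runs into one word and removes the quotes,
# so the program never sees "hi" and "bye" as quoted strings.
unescaped() {
    show_args -Y "tcp contains "hi" || tcp contains "bye""
}

# Case 2: backslash-escaped inner quotes, as in the answer. The inner quotes
# reach the program as literal characters.
escaped() {
    show_args -Y "tcp contains \"hi\" || tcp contains \"bye\""
}

# Case 3: single quotes on the outside (POSIX shells only, not cmd.exe).
# Inside single quotes a double quote is an ordinary character.
single_quoted() {
    show_args -Y 'tcp contains "hi" || tcp contains "bye"'
}

printf 'unescaped:     %s\n' "$(unescaped)"
printf 'escaped:       %s\n' "$(escaped)"
printf 'single-quoted: %s\n' "$(single_quoted)"
```

In a POSIX shell the unescaped form still arrives as a single argument, but with the inner quotes stripped, so the filter text the program parses is not the one that was typed.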