Wireshark mailing list archives

Re: Capture Filter Inquiry

From: Wes <wes_r () yahoo com>
Date: Mon, 14 Dec 2009 09:56:23 -0800 (PST)

You should be able use something like:

 syslog.msg contains "Text to be found"

Wes

--- On Mon, 12/14/09, Frank Barta <fbarta () gmail com> wrote:

From: Frank Barta <fbarta () gmail com>
Subject: [Wireshark-users] Capture Filter Inquiry
To: wireshark-users () wireshark org
Date: Monday, December 14, 2009, 10:13 AM
Hello,
I was wondering if it would be possible to
create a capture filter that will analyze the contents of a
syslog packet and only write the packet to the file if it
has a specific string in it.

IE. If the syslog message contains the word
"reset", write packet to file.
Thanks!

-----Inline Attachment Follows-----

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users

   mailto:wireshark-users-request () wireshark org?subject=unsubscribe



      
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

Capture Filter Inquiry Frank Barta (Dec 14)
- Re: Capture Filter Inquiry Wes (Dec 14)
- Re: Capture Filter Inquiry Wes (Dec 14)