Wireshark mailing list archives

Re: Trouble with "contains" filter!

From: Gerald Combs <gerald () wireshark org>
Date: Mon, 19 Jul 2010 12:11:54 -0700

George Vandelet wrote:

I have rececently found the "contains" filter in wireshark which is VERY
powerful.  For instance, if I only want to see http packets that contain
the string "SOAP" I could used the filter "http contains SOAP". 
However, if I wish to use the filter to show http packts that DONT
contain the string SOAP, I can not do it!  I have tried using the
following without success.
 http contains !(SOAP)
 http contains !SOAP
 http !contains SOAP
 
 Does anyone know a way to negatiate the "contains" filter?


Try

    http and not http contains "SOAP"

You can also use "matches" which allows regular expressions including
case-insensitive matching:

    http and not http matches "(?i)soap"
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

Trouble with "contains" filter! George Vandelet (Jul 19)
- Re: Trouble with "contains" filter! Gerald Combs (Jul 19)