Re: Display Filter Regex

[NeonFlash <psykosonik_frequenz () yahoo com>]

Hi,

Does any one have a suggestion for this? Please refer the below mail for more details. I would like to know if it is 
possible to use a Display Filter Regex in Wireshark.

Thanks.



________________________________
 From: NeonFlash <psykosonik_frequenz () yahoo com>
To: "wireshark-users () wireshark org" <wireshark-users () wireshark org> 
Sent: Tuesday, October 30, 2012 8:51 AM
Subject: Display Filter Regex
 

Hi,

I want to use a display filter for all the HTTP GET Requests which are of the form as shown below:

index.php?something=

As far as I know, the expression, "http contains" does not support perl compatible regular expressions.

I am using this display filter at the moment:

http.request.method == "GET" && http contains "php?"

however, it also displays some GET requests to paths as shown below:

/images/nature/forest.jpg

Even though the GET Request to the above path does not contain the string, php?

My guess is that it displays those frames as well because they belong to the same tcp stream as the one which involves 
the GET request to php files?

http matches does support PCRE but then, I cannot use it with the above form.

It would be great to make
 this display filter more exact.

Thanks.

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe