Network Analysis Using Wireshark 2 Cookbook(Second Edition)
上QQ阅读APP看书,第一时间看更新
上一章目录下一章

How it works...

The Wireshark regular expression syntax for display filters uses the same syntax as regular expressions in Perl.

Some common modifiers are as follows:

  • ^: Match the beginning of the line
  • $: Match the end of the line
  • |: Alternation
  • (): Grouping
  • *: Match zero or more times
  • +: Match one or more times
  • ?: Match one or zero times
  • {n}: Match exactly n times
  • {n,}: Match at least n times
  • {n,m}: Match at least n but not more than m times

You can use these modifiers for configuring more complex filters. For examples, look for HTTP GET commands that contain ZIP files:

http.request.method == "GET" && http matches ".zip" && !(http.accept_encoding == "gzip, deflate")

Look for HTTP messages that contain websites that end with .com:

http.host matches ".com$"
上一章目录下一章