Does Wireshark support BGP regular expressions in filters?
Will the regular expressions as listed at https://blog.ine.com/2008/01/06/under..., for bgp, work for wireshark also?
1 Answer
- Sort by
oldest newest most voted
0
No. Wireshark supports bpf syntax for capture filters and it's own syntax for display filters.
Comments
Wireshark does support Perl-compatible regular expressions using the matches or ~ operator for certain fields. To quote the wireshark-filter man page:
The "matches" or "~" operator allows a filter to apply to a specified Perl-compatible regular expression (PCRE). The "matches" operator is only implemented for protocols and for protocol fields with a text string representation. Matches are case-insensitive by default. For example, to search for a given WAP WSP User-Agent, you can write:
wsp.user_agent matches "cldc"
This would match "cldc", "CLDC", "cLdC" or any other combination of upper and lower case letters.
You can force case sensitivity using
wsp.user_agent matches "(?-i)cldc"
This is an example of PCRE's (?option) construct. (?-i) performs a case-sensitive pattern match but other options can be specified as well. More information can be found in the pcrepattern(3) man page at http://perldoc.perl.org/perlre.html).
Your Answer
Please start posting anonymously - your entry will be published after you log in or create a new account.
This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.
Comments