Coloring rule depending on future packet

retag add tags

Hi all,

in some rules I use fields that depends on future packets:

@DNS REQ [UNANSWERED]@dns && dns.flags.response==0 and !dns.response_in

Sometimes the rule does not match and I have to reapply them to get the work done.

Is there a way to force a "2-pass analysis" or at least to modify the "timeout" after which Wireshark declares the rule as non-matching?

Thanks Gian

M@xF@actor

asked 2019-01-31 11:30:55 +0000

edit flag offensive 0 remove flag close merge delete

Comments

add a comment see more comments

Be the first one to answer this question!

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Coloring rule depending on future packet edit

Comments

Be the first one to answer this question!

Coloring rule depending on future packet