display filter caps only

displayFilter

asked 2022-10-15 07:11:37 +0000

Searching for executable files that begin with ascii "MZ".

http contains MZ

I create the filter then Follow TCP Stream. I'm getting small cap hits (eg "mz"). I just want large cap hits (eg "MZ"). Using regex doesn't seem to work. Any way to specify case?

TIA

edit retag flag offensive close merge delete

Comments

Just to clarify:
- display filter http contains MZ is case sensitive
- Find: in the Follow TCP Stream window is not case sensitive

Chuckc ( 2022-10-15 14:24:20 +0000 )edit

add a comment

Be the first one to answer this question!

Please start posting anonymously - your entry will be published after you log in or create a new account.

display filter caps only

Comments

Be the first one to answer this question!

Question Tools

Stats

Related questions

display filter caps only edit

Comments

Be the first one to answer this question!

Question Tools

Stats

Related questions

display filter caps only