 | 1 | initial version |
Which field contains your data? There is the string() function to transform a field value to a string. This makes it possible to do a regex on that field. Here is an example:
string(arp.src.hw_mac) ~ ".c:..:9d:77:0f:4b"
(where the . is a wildcard for any character, so any nibble in this case)
Please note that Wireshark uses the GNU regular expression library and therefor the syntax is similar but not exactly the PCRE syntax, see the link to the library for more details on the syntax.
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.