Will the regular expressions as listed at https://blog.ine.com/2008/01/06/under..., for bgp, work for wireshark also?
No. Wireshark supports bpf syntax for capture filters and it's own syntax for display filters.
Wireshark does support Perl-compatible regular expressions using the matches or ~ operator for certain fields. To quote the wireshark-filter man page:
The "matches" or "~" operator allows a filter to apply to a specified Perl-compatible regular expression (PCRE). The "matches" operator is only implemented for protocols and for protocol fields with a text string representation. Matches are case-insensitive by default. For example, to search for a given WAP WSP User-Agent, you can write:
wsp.user_agent matches "cldc"
This would match "cldc", "CLDC", "cLdC" or any other combination of upper and lower case letters.
You can force case sensitivity using
wsp.user_agent matches "(?-i)cldc"
This is an example of PCRE's (?option) construct. (?-i) performs a case-sensitive pattern match but other options can be specified as well. More information can be found in the pcrepattern(3) man page at http://perldoc.perl.org/perlre.html).
Asked: 2018-11-30 01:39:47 +0000
Seen: 513 times
Last updated: Nov 30 '18
