Coloring rule depending on future packet

asked 2019-01-31 11:30:55 +0000

M@xF@actor

Hi all,

In some rules I use fields that depend on future packets:

@DNS REQ [UNANSWERED]@dns && dns.flags.response==0 and !dns.response_in

Sometimes the rule does not match and I have to reapply them to get the work done.

Is there a way to force a "2-pass analysis" or at least to modify the "timeout" after which Wireshark declares the rule as non-matching?

Thanks, Gian
