In older versions of Wireshark, you used to have the ability to search upwards or downwards. I am running version 2.6.8, as part of the Kali Linux distribution and no longer have the ability to do so. The challenge is that I am looking for the "LAST" instance of a particular string, but the default search behavior seems to search from the top -> down.

Any ideas?

Thank you in advance.

answered 2019-05-04 23:04:20 +0000

It looks like the forward/backward option wasn't yet ported to the QT UI. You might want to add an enhancement request at the Wireshark bug tracker:

Other than that you could try this workaround - search for what you need (which will only to it top -> down), but after the first downward search use the CTRL-B hotkey to "Find Previous" until you find what you need.

You don't even need to find forward first, just fill in the search criteria and hit Ctrl-B (Windows) / ⌘B (macOS) and the search will be done backwards. The enhancement would be the addition of a Find backwards button.

Jaap ( 2019-05-05 11:02:39 +0000 )

