Ask Your Question

Revision history [back]

Coloring rule depending on future packet

Hi all,

in some rules I use fields that depends on future packets:

@DNS REQ [UNANSWERED]@dns && dns.flags.response==0 and !dns.response_in

Sometimes the rule does not match and I have to reapply them to get the work done.

Is there a way to force a "2-pass analysis" or at least to modify the "timeout" after which Wireshark declares the rule as non-matching?

Thanks Gian