Hi all,
in some rules I use fields that depends on future packets:
@DNS REQ [UNANSWERED]@dns && dns.flags.response==0 and !dns.response_in
Sometimes the rule does not match and I have to reapply them to get the work done.
Is there a way to force a "2-pass analysis" or at least to modify the "timeout" after which Wireshark declares the rule as non-matching?
Thanks Gian
