Sake, I modified the filter, "Via.*\x0d\x0aVia.*" does work for the capture I've posted.
But, will it work in case if 'Via' headers ARE NOT next to each other? I mean, if a message looks like this: To: <sip:[EMAIL PROTECTED]>;tag=51d14022 From: 9094354499<sip:[EMAIL PROTECTED]>;tag=4c3d535f Via: SIP/2.0/UDP 10.10.10.10:5060;branch=z9hG4bKD22343432336665633a787.0 Call-ID: 22e38f2bcdd854c64a1178aa5d6358b2 Via: SIP/2.0/UDP 10.10.10.100;branch=z9hG4bK-4fe05e85f80de1da371f137b46b23e25;psrrposn=1 Contact: < sip:[EMAIL PROTECTED]
Via: SIP/2.0/UDP 10.10.10.50:5065 ;branch=z9hG4bK-d87543-9b1a2741582f6b580701-1-cHA4NmI1ZmE3MDEzOWRmZjFhMzViZg..-d87543- CSeq: 342974572 INVITE User-Agent: Tele2100 Will the above filter still work? Unfortunately I do not have message like this to test in Wireshark. So, in essence my goal if following: find a stingA in the packet followed by stringB, when between stringA and stringB there could be 0 or more CRLF. Which in plan English means that stringA and stringB could be in the same line (before CRLF), could be in in different lines. Anyone can help? I'm not a regex guru. --i.n. On 5/2/07, Sake Blok <[EMAIL PROTECTED]> wrote:
On Wed, May 02, 2007 at 10:05:47PM -0800, Irakli Natshvlishvili wrote: > I've just tried. Does not work. Can you poste a small capture file with a few packets that you would like to match against? Cheers, Sake _______________________________________________ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users
-- I.N.
_______________________________________________ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users
