Diffstat (limited to 'doc/wireshark-filter.pod')
-rw-r--r-- | doc/wireshark-filter.pod | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/doc/wireshark-filter.pod b/doc/wireshark-filter.pod index 98e5c60383..b3d7d2cc04 100644 --- a/doc/wireshark-filter.pod +++ b/doc/wireshark-filter.pod @@ -103,6 +103,7 @@ The filter language has the following functions: lower(string-field) - converts a string field to lowercase len(field) - returns the byte length of a string or bytes field count(field) - returns the number of field occurrences in a frame + string(field) - converts a non-string field to string upper() and lower() are useful for performing case-insensitive string comparisons. For example: @@ -110,6 +111,15 @@ comparisons. For example: upper(ncp.nds_stream_name) contains "MACRO" lower(mount.dump.hostname) == "angel" +string() converts a field value to a string, suitable for use with operators like +"matches" or "contains". Integer fields are converted to their decimal representation. +It can be used with IP/Ethernet addresses (as well as others), but not with string or +byte fields. For example: + + string(frame.number) matches "[13579]$" + +gives you all the odd packets. + =head2 Protocol field types Each protocol field is typed. The types are: |
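Review bot: In the first hunk (function list, the added "string(field)" line), the summary "converts a non-string field to string" is broader than the description added further down, which says string() cannot be used with string or byte fields. Suggest wording the list entry to match, for example "converts a non-string, non-bytes field to a string", so a reader who only scans the list does not expect it to work on byte fields.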
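Review bot: In the second hunk (the new string() paragraph), only the integer conversion is specified ("their decimal representation"); the text for "IP/Ethernet addresses (as well as others)" does not say what string form those values take, and a user needs that to write a reliable "matches" or "contains" pattern against them. Suggest naming the supported field types and the format each is rendered in, and stating what happens when string() is applied to a string or byte field. The closing sentence "gives you all the odd packets" would also read more precisely as frames with an odd frame number, since the pattern tests the last digit of frame.number.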