wireshark-users January 2012 archive

Re: [Wireshark-users] tds question

From: Bill Meier <wmeier_at_nospam>
Date: Thu Jan 05 2012 - 02:12:45 GMT
To: Community support list for Wireshark <wireshark-users@wireshark.org>

On 1/4/2012 11:07 AM, János Löbb wrote:
> Hi,
>
> I see here: http://www.wireshark.org/docs/dfref/t/tds.html
>
> That there is a tds7.message as display filter from version 1.0.0 to
> 1.6.0. My version is 1.6.2 and I do not see this display filter when
> I click on Expressions...
>
> What filter should I use if I want to filter all messages containing
> a specific word on the TDS data?
>
> Thanks ahead,
>

1. Poking around the Wireshark sources a bit, I see that 'tds7.message'
    is not actually a display filter field in Wireshark 1.6. It was last
    available in the 1.4 release.

    I don't know why the Display Filter Web page is incorrect.

    In any case, even in the earlier versions, that particular filter
    didn't actually do anything. :)

2. The following brute-force display filter should work:
       tds contains "xxx"
    (where xxx is the searched-for word).

    This filter searches the complete TDS payload of any
    TDS packet. Obviously you can add additional filters to restrict
    searching to only TDS packets from the server, etc.

    See http://wiki.wireshark.org/DisplayFilters for more examples.

    Edit > Find would also work but is not as flexible.

___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@wireshark.org>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@wireshark.org?subject=unsubscribe
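
An added example, not part of the original post: TDS 7.x normally carries SQL text as UTF-16LE, so a quoted ASCII string in `tds contains` can miss it. This sketch builds a filter that checks both encodings; the function names are hypothetical and the search word is restricted to plain ASCII.

```shell
#!/bin/sh
# Added example (not from the original message).
# Builds a Wireshark display filter that looks for a word anywhere in the
# TDS payload, both as single-byte text and as UTF-16LE.
# Assumption: the search word is plain ASCII, so its UTF-16LE form is each
# byte followed by 00.

# utf16le_hex WORD -> colon-separated hex bytes, e.g. "ab" -> 61:00:62:00
utf16le_hex() {
    printf '%s' "$1" | od -An -v -tx1 |
        awk '{ for (i = 1; i <= NF; i++) { printf "%s%s:00", sep, $i; sep = ":" } }'
}

# tds_word_filter WORD -> display filter string on stdout.
# Rejects empty input and anything outside [A-Za-z0-9_.-], which also keeps
# quotes and backslashes out of the quoted string in the filter.
tds_word_filter() {
    case $1 in
        ''|*[!A-Za-z0-9_.-]*)
            echo "unsupported search word" >&2
            return 1
            ;;
    esac
    printf 'tds contains "%s" || tds contains %s\n' "$1" "$(utf16le_hex "$1")"
}

# Usage with a saved capture (capture.pcap is a placeholder name):
#   tshark -r capture.pcap -Y "$(tds_word_filter user)"
# or paste the printed filter into the Wireshark filter bar.
if [ "$#" -gt 0 ]; then
    tds_word_filter "$1"
fi
```

Both `contains` comparisons are case-sensitive, so search for the word in the case it is expected to appear in.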