![wireshark search for string](https://nimishprabhu.com/wp-content/uploads/2013/06/wireshark-capture-options.jpg)
Type in the search string, such as user-sync, to find when p4 sync was run while Wireshark was monitoring the network traffic.
![wireshark search for string](https://www.cellstream.com/images/2019-09-26_10-05-05.jpg)
In Wireshark, select Edit > Find Packet, then choose String and Packet bytes. This is usually needed to correlate your Wireshark trace with a P4V or Perforce server log.

Does the protocol or text string match the given Perl regular expression? The 'contains' operator allows a filter to search for a sequence of characters, expressed as a string (quoted or unquoted), or bytes, expressed as a byte array, or for a single character, expressed as a C-style character constant.

wireshark other options -R 'filter expression' tshark other.

With Wireshark now installed on this DNS server, I opened it up and soon created a Wireshark DNS filter to narrow down interesting DNS activity as much as possible with this capture filter: `udp port 53 and not host 8.8.8.8 and not host 4.2.2.2 and not host 4.2.2.3`. This capture filter narrows down the capture on UDP/53.

```lua
-- MongoDB wire protocol dissector (Wireshark Lua API)
mongodb_protocol = Proto("MongoDB", "MongoDB Protocol")

-- Header fields
message_length = ProtoField.int32("ssage_length", "messageLength", base.DEC)
request_id     = ProtoField.int32("mongodb.requestid", "requestID", base.DEC)
response_to    = ProtoField.int32("mongodb.responseto", "responseTo", base.DEC)
opcode         = ProtoField.int32("mongodb.opcode", "opCode", base.DEC)

-- Payload fields
flags          = ProtoField.int32("mongodb.flags", "flags", base.DEC)

-- The remaining payload fields and the get_*() helper functions used below
-- are not shown here.
function mongodb_protocol.dissector(buffer, pinfo, tree)
  local length = buffer:len()
  if length == 0 then return end

  pinfo.cols.protocol = mongodb_protocol.name

  local subtree = tree:add(mongodb_protocol, buffer(), "MongoDB Protocol Data")

  -- Header
  subtree:add_le(message_length, buffer(0, 4))
  subtree:add_le(request_id,     buffer(4, 4))
  subtree:add_le(response_to,    buffer(8, 4))

  local opcode_number = buffer(12, 4):le_uint()
  local opcode_name = get_opcode_name(opcode_number)
  subtree:add_le(opcode, buffer(12, 4)):append_text(" (" .. opcode_name .. ")")

  -- Payload
  if opcode_name == "OP_QUERY" then
    local flags_number = buffer(16, 4):le_uint()
    local flags_description = get_flag_description(flags_number)
    subtree:add_le(flags, buffer(16, 4)):append_text(" (" .. flags_description .. ")")

    -- Loop over string: scan for the terminating zero byte of the collection name
    local string_length
    for i = 20, length - 1, 1 do
      if (buffer(i, 1):le_uint() == 0) then
        string_length = i - 20
        break
      end
    end
    -- Stop if no terminator was found, so a malformed packet cannot index with nil
    if not string_length then return end

    subtree:add_le(full_coll_name,   buffer(20, string_length))
    subtree:add_le(number_to_skip,   buffer(20 + string_length, 4))
    subtree:add_le(number_to_return, buffer(24 + string_length, 4))
    subtree:add_le(query,            buffer(28 + string_length, length - string_length - 28))
  elseif opcode_name == "OP_REPLY" then
    local response_flags_number = buffer(16, 4):le_uint()
    local response_flags_description = get_response_flag_description(response_flags_number)
    subtree:add_le(response_flags, buffer(16, 4)):append_text(" (" .. response_flags_description .. ")")
  end
end
```