Finding strings in packets
You can search for string patterns found in the packet data of an Omnipeek capture window.
To find string patterns:
1. Select the Packets view of a capture window.
2. On the menu, click (or press ). The Find Pattern dialog appears.
3. Complete the dialog:
• Find in: Select the location where you would like to search.
• Packet data: Searches for a string using the chosen format anywhere in the raw data of the packet.
• Packet list headers: Searches for a match with a string found in the packet list headers; that is, with the text shown in the current set of columns in the Packet List pane of the Packets view for that packet.
• Decoded text: Searches for a match with a string found in the text of the decoded packet. This is like doing a text search in the Decode view portion of the text file which would be created by choosing Save Selected Packets as Text for the currently selected packets.
• Packet notes: Searches for a match with a string found in any Note associated with any packet in the Packet List pane. This is like doing a search in the optional Notes column of the Packets view.
• Format: Select the format of the pattern you wish to match. You can choose to test for a match in Default Text, UTF-8, Hex Data, or More Encodings (many other encodings).
• Find what: Type or select the string pattern you would like to find.
• Match case: Select this check box to match the string exactly as typed.
4. Click .
The first packet matching the string will be highlighted in the Packets view. To find the next matching packet in the sequence, on the menu, click (or press ).
TIP: The and commands search the packets in packet number order, starting from, but not including, the currently selected packet.
NOTE: The and commands are not supported from a Capture Engine capture window. In order to use these techniques, you must first save the packets to an Omnipeek capture file. See Using hide and unhide on a Capture Engine.