Wireshark: Searching for Payload Keywords
I've been working on this for a couple of days now, read up on everything I could find via the wireshark wiki and googling for answers, to no avail.
I'm looking to make a filter that can handle multiple keywords, and if a keyword is found in the data of a packet (like in the html that's being sent over), it will display it.
Here's what I've got so far, didn't work as expected:
frame.protocols contains "http" and http contains "keyword1"
What happens to this is that GET requests come up (when "keyword1" is present inside), which means that it does work, sort of, but it's like the actual html (which is what I'm really interested in) is being ignored.
I've also tried it like "http contains "keyword1"", but the same thing happens.
If anyone could shed some light on this problem it'd be appreciated.