There are several options you can go with here. If your payload isn't too large, then you could go with the above solution of using the
string tolower command
if { [string tolower [TCP::payload]] contains "update" } {
...
}
But, for large payloads, this might require too much memory usage that you would like to give up. In that case, you could use a regular expression search
if { [regexp {[Uu][Pp][Dd][Aa][Tt][Ee]} [TCP::payload]] == 1 } {
...
}
Another thing to consider is whether you are going to be making a lot more than one comparison. Too many regexps might cause too much CPU usage for processing, so you might want to go back to the first method, but store it in a temporary variable so you don't have to create the temporary string for each match.
set content [string tolower [TCP::payload]]
if { $content contains "update" } {
...
} elseif { $content contains "command2" } {
...
}
Lots of options. Choose the best for your situation.
-Joe