Ethereal-users: Re: [Ethereal-users] Separating packet dump into TCP streams

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Jesus M. Salvo Jr." <jsalvo@xxxxxxxxxxxxxxxxx>
Date: Wed, 01 Nov 2000 10:10:18 +1100
Okay, I have done a few scripts that do the following:

* For a specified capture file, get all those SYN packets.
* For each SYN packet, get the IP addresses and port numbers of each
host.
* For each combination of IP addresses and port numbers, run tethereal
with the following filter: ( ip.addr == <x> and ip.addr == <y> ) and (
tcp.port == <port of x> and tcp.port == <port of y> ), then output to a
separate packet dump using the -w option.

Works for the specific streams that I have, just not sure if it is
applicable with other protocols. Of course, it only works with TCP.


John

Guy Harris wrote:
> 
> > ... but I have about hundreds of TCP streams within a single packet dump
> > file. I was just wondering if there is an easier way to do this ( i.e.
> > command-line/tethereal ) so that if I fire the script to tethereal with
> > the specified filter expression, I can generate all hundreds of new
> > packet dump files, each one a separate TCP stream.
> 
> No.
> 
> A filter expression generates a Boolean, i.e. a "yes or no", result;
> that's not sufficient to generate multiple streams in a single
> operation.
> 
> _______________________________________________
> Ethereal-users mailing list
> Ethereal-users@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-users
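The per-stream splitting procedure described at the top of this message, as an added shell example that is not the poster's script: it builds the four-tuple filter, collapses duplicate SYNs (retransmissions) into one stream, and runs tethereal once per stream with -w. It assumes tethereal's -r, -R and -w options, the display-filter fields ip.addr and tcp.port as quoted in the message, and a prepared "src sport dst dport" list of initial SYNs (sample data below is constructed).

```shell
#!/bin/sh
# Added example, not the original poster's script. Assumes tethereal's
# -r (read file), -R (read filter) and -w (write file) options.

# Build the display filter for one TCP stream from its SYN four-tuple.
# $1=client ip  $2=client port  $3=server ip  $4=server port
build_filter() {
    printf '( ip.addr == %s and ip.addr == %s ) and ( tcp.port == %s and tcp.port == %s )\n' \
        "$1" "$3" "$2" "$4"
}

# Reduce a "src sport dst dport" listing (one line per SYN) to unique tuples,
# so a retransmitted SYN does not produce the same stream twice. Caveat: a
# four-tuple genuinely reused later in the capture still lands in one file,
# because the filter cannot tell the two connections apart.
unique_streams() {
    awk 'NF == 4 && !seen[$1":"$2"-"$3":"$4]++ { print $1, $2, $3, $4 }'
}

# Constructed sample listing (not from a real capture): a repeated SYN and
# one other connection, so two streams are expected.
sample_syn_list() {
    cat <<'EOF'
10.0.0.5 33412 192.0.2.10 80
10.0.0.5 33412 192.0.2.10 80
10.0.0.7 40001 192.0.2.20 443
EOF
}

# Driver: $1 = capture file, $2 = file holding the SYN listing (produced by
# whatever means the local tethereal version offers), $3 = output directory.
# Writes one dump per stream, named after its four-tuple.
split_streams() {
    capture=$1; synlist=$2; outdir=${3:-streams}
    mkdir -p "$outdir"
    unique_streams < "$synlist" |
    while read -r src sport dst dport; do
        out="$outdir/${src}_${sport}-${dst}_${dport}.cap"
        tethereal -r "$capture" \
            -R "$(build_filter "$src" "$sport" "$dst" "$dport")" -w "$out"
    done
}
```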