Wireshark · Ethereal-users: Re: [Ethereal-users] Tethereal filtering - file to file

Ethereal-users: Re: [Ethereal-users] Tethereal filtering - file to file

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "M.C. van den Bovenkamp" <marco@xxxxxxxxxxxxxxxxxxx>

Date: Wed, 21 Nov 2001 14:20:15 +0100

Tinga Shilo wrote:

- What filters should I use, capture-filters or read-filters ?

Depends on what you want to do. If you can filter on it with apcap-style filter, you can use a capture filter ('-f' or command linearguments), if not, you have to use a display filter ('-R' option).

- The "-c" option works, but can I do something like "the last 100packets of the file" ?



Editcap can do that.

- Can I do something like "all the packets between two time stamps inthe file" ?



With tethereal and a display filter on 'frame.time' you should be able to.

			Regards,

				Marco.

Follow-Ups:
- Re: [Ethereal-users] Tethereal filtering - file to file
  - From: Guy Harris

References:
- [Ethereal-users] Tethereal filtering - file to file
  - From: Tinga Shilo

Prev by Date: [Ethereal-users] Tethereal filtering - file to file
Next by Date: Re: [Ethereal-users] Using Ethereal Windows version for monitoring IEEE 802.11b traffi c
Previous by thread: [Ethereal-users] Tethereal filtering - file to file
Next by thread: Re: [Ethereal-users] Tethereal filtering - file to file
Index(es):
- Date
- Thread