Thanks. This actually works just great for my purposes. I can then pipe
the output to a simple filter to get the columns I am interested in.
-Krishna
On Thu, 18 Sep 2003, Guy Harris wrote:
>
> On Sep 18, 2003, at 12:23 PM, Krishna N. Ramachandran wrote:
>
> > I am interested in logging only certain fields in the ethereal log
> > files. As an example, I may want to log only the IP Identification
> > and IP length fields of all packets that I see. The motivation is to
> > record only those fields I am interested in analyzing, in order to save
> > space. Is this possible using tethereal?
>
> That depends on what you mean by "ethereal log files".
>
> It's not possible to do so in an Ethereal *capture* file. A capture
> file contains raw packet data.
>
> If, however, you don't write to an Ethereal capture file, and just
> write to a text file, it's almost possible:
>
> tethereal -r capture_file -z proto,colinfo,ip.id,ip.id -z proto,colinfo,ip.len,ip.len
>
> to extract that information from an existing capture file, and
>
> tethereal -z proto,colinfo,ip.id,ip.id -z proto,colinfo,ip.len,ip.len ip
>
> to capture on the default network interface (use "-i" to specify a
> different interface, as with any other type of Ethereal capture), with
> a filter that captures only IP packets.
>
> I say "almost possible" because that still displays all the regular
> columns - it just happens to put "ip.len == M" and "ip.id == N" (in
> that order) at the end of the Info column.
>
>
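
Added example, not part of the original thread: a filter of the kind mentioned in the reply, which keeps only the "ip.id == N" and "ip.len == M" values that the -z proto,colinfo options append to the Info column. The function names and the sample lines are constructed for illustration, and the layout of the regular columns in them is an assumption.

```shell
# Keep only the ip.id / ip.len values appended to the Info column.
# Output: one line per packet, "<ip.id><TAB><ip.len>".
extract_ip_fields() {
    awk '
    {
        id = ""; len = ""
        # Look for the token triple "<field> == <value>" anywhere on the
        # line, so the order of the two fields does not matter.
        for (i = 1; i + 2 <= NF; i++) {
            if ($(i + 1) != "==") continue
            if ($i == "ip.id")  id  = $(i + 2)
            if ($i == "ip.len") len = $(i + 2)
        }
        # Lines lacking either field (for example non-IP frames when
        # reading a capture file without a filter) are dropped.
        if (id != "" && len != "") print id "\t" len
    }'
}

# Constructed sample lines standing in for tethereal text output.
sample_output() {
cat <<'EOF'
  1   0.000000 192.0.2.10 -> 192.0.2.20 TCP 1025 > 80 [SYN] Seq=0 Len=0 ip.len == 44 ip.id == 0x1a2b
  2   0.000410 192.0.2.20 -> 192.0.2.10 TCP 80 > 1025 [SYN, ACK] Seq=0 Ack=1 ip.len == 44 ip.id == 0x0000
  3   0.001200 00:11:22:33:44:55 -> ff:ff:ff:ff:ff:ff ARP Who has 192.0.2.1?  Tell 192.0.2.10
EOF
}

# Real use would pipe tethereal into the filter instead of the sample:
#   tethereal -r capture_file -z proto,colinfo,ip.id,ip.id \
#             -z proto,colinfo,ip.len,ip.len | extract_ip_fields
sample_output | extract_ip_fields
```

Only the two extracted values per packet are written, which is what gives the space saving the original question asked about.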