Ethereal-users: [Ethereal-users] Filtering and manipulating the info field after packet capture

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Scott McIntyre <mttocs@xxxxxxxxx>
Date: Sat, 13 Dec 2003 12:48:05 -0800 (PST)
I've seen many posts on Ethereal-users as well as
other exchanges across the net regarding filtering
data in the info field after capturing data packets
with Ethereal, so here is one solution that works:

1. Define any of your protocol filters and what not
and apply the changes.
2. Change your display options to Date and Time of day.

AIM Example:

1. Print to file (.txt extension) summary only
2. Import the file into Excel -- clean up any erroneous
column markers.
The fields that I generally have now are:
No. -- General
Date -- Text (You must add this field heading on your
own -- will probably be field3 or time to start with
-- move the Time over one column)
Time -- Text 
Source -- General
Destination -- General
Protocol -- General
Info -- General

3. Save the Excel file
4. Open MS Access
5. Import the Excel File into a new table -- check to
make sure that the date and time are displayed
properly
6. Go to 'Queries'
7. Go to design view and choose SQL
Example Query:
SELECT *
FROM TableName
WHERE Info LIKE "Messag*"
ORDER BY Date, Time;

This will filter out any info fields not starting with
Messag and then order everything by date and time.

Now that this query is set up you should see the AIM
conversations in the correct order: Message From: --
Message To: in the correct order.

Your data is now clearly viewable.  Your options with
the queries are virtually unlimited.  I use ColdFusion
to create a web based keyword search interface that
uses the data packet database.  You could also apply
the Google engine to speed up the search process for
larger files.



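The same workflow, end to end, as an added example that is not part of the post above: a summary export is parsed into rows, loaded into a table, and queried with the post's "Info starts with Messag, order by Date then Time" filter. SQLite stands in for Access, so the wildcard is rewritten from Access's "*" to SQL's "%". The column layout of the sample export, the table name "Packets", and the function names are assumptions made for this example; the sample lines are constructed and are not real captured traffic.

```python
import re
import sqlite3
from typing import List, Tuple

# Constructed sample of a "summary only" print-to-file export with the time
# display set to date and time of day.  The column layout is an assumption
# (hypothetical) chosen to match the No./Date/Time/Source/Destination/Protocol/Info
# fields described in the post; it is not real captured data.
SAMPLE_SUMMARY = """\
No.     Date        Time          Source          Destination     Protocol Info
1       2003-12-13  12:40:01.1204 10.0.0.5        64.12.24.100    AIM      Message To: bob
2       2003-12-13  12:40:02.3312 64.12.24.100    10.0.0.5        AIM      Keepalive
3       2003-12-13  12:40:05.0071 64.12.24.100    10.0.0.5        AIM      Message From: bob
4       2003-12-13  12:40:05.9001 10.0.0.5        10.0.0.1        DNS      Standard query A login.oscar.aol.com
5       2003-12-12  23:59:59.5000 10.0.0.5        64.12.24.100    AIM      Message To: alice
"""

# One summary row: six whitespace-separated leading fields, then the rest of the
# line (which may itself contain spaces) is the Info column.
ROW_RE = re.compile(
    r"^(?P<no>\d+)\s+(?P<date>\S+)\s+(?P<time>\S+)\s+(?P<src>\S+)\s+"
    r"(?P<dst>\S+)\s+(?P<proto>\S+)\s+(?P<info>.*)$"
)

Row = Tuple[int, str, str, str, str, str, str]


def parse_summary(text: str) -> List[Row]:
    """Parse the export into rows; the header line and any stray text are skipped
    (the 'erroneous column markers' the post has you clean up by hand in Excel)."""
    rows: List[Row] = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue
        rows.append((int(m["no"]), m["date"], m["time"], m["src"],
                     m["dst"], m["proto"], m["info"].strip()))
    return rows


def load_table(rows: List[Row], conn: sqlite3.Connection) -> None:
    """The Access import step: create the Packets table and insert the rows."""
    conn.execute("DROP TABLE IF EXISTS Packets")
    conn.execute(
        "CREATE TABLE Packets (No INTEGER, Date TEXT, Time TEXT, Source TEXT, "
        "Destination TEXT, Protocol TEXT, Info TEXT)"
    )
    conn.executemany("INSERT INTO Packets VALUES (?, ?, ?, ?, ?, ?, ?)", rows)
    conn.commit()


def messages_in_order(conn: sqlite3.Connection, prefix: str = "Messag") -> List[Tuple[str, str, str]]:
    """The post's query.  Access writes LIKE "Messag*"; SQLite (and ANSI SQL) use '%'
    as the multi-character wildcard, so the pattern is built as prefix + '%'."""
    cur = conn.execute(
        "SELECT Date, Time, Info FROM Packets WHERE Info LIKE ? ORDER BY Date, Time",
        (prefix + "%",),
    )
    return cur.fetchall()


def run(text: str = SAMPLE_SUMMARY) -> List[Tuple[str, str, str]]:
    """Parse, load and query in one call; returns (Date, Time, Info) rows."""
    conn = sqlite3.connect(":memory:")
    load_table(parse_summary(text), conn)
    return messages_in_order(conn)


if __name__ == "__main__":
    for date, time, info in run():
        print(date, time, info)
```

Because Date and Time are stored as text here, ORDER BY sorts them lexically; that only yields chronological order when the values are zero-padded in year-month-day and hour:minute:second form, which is why the post's step 5 (check that date and time imported properly) matters. Row 5, dated the day before, correctly sorts ahead of the other messages, and the Keepalive and DNS rows are dropped by the LIKE filter.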