Wireshark · Ethereal-users: [Ethereal-users] tethereal conversation: start and end time

Ethereal-users: [Ethereal-users] tethereal conversation: start and end time

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Pierre-Paul Lavoie <ppl@xxxxxxxxxxx>

Date: Wed, 18 Feb 2004 02:47:21 -0400

Hello,

	Currently I'm using the following command to extract
information for TCP conversation on a dump file:

	`tethereal -z conv,tcp -r file.log eth.src ne eth.src`

	I was wondering if it's also possible to get the
conversation start and end time? My current solution to
this is running tethereal a second time to find the first packet
and last packet on each conversation using a small AWK script.
However this is inefficient since it requires a pass for each
conversation.

	Also, I'm using "eth.src ne eth.src" as an "always false"
filter so I don't get the packets one-line summary. Any better ways
of doing this?

Thanks,
ppl

P.S. The command run for each conversation look like this:

	tethereal -r file.log \(ip.addr eq $IP1 and ip.addr eq $IP2\) and
	\(tcp.port eq $PORT1 and tcp.port eq $PORT2\) | awk 'BEGIN
	{min = -1; max = 0;} { if (min == -1) min = $ 1; max = $1;}
	END {printf "%s %s", min, max;}'

Prev by Date: [Ethereal-users] Re: [Ethereal-dev] [PATCH] Fix handling of IP fragment bits
Next by Date: RE: [Ethereal-users] diplay filter for rtp.payload with 100% sile nce
Previous by thread: Re: [Ethereal-users] X11: sudo ethereal
Next by thread: [Ethereal-users] capturing last part of large file transfer
Index(es):
- Date
- Thread