Ethereal-users: Re: [Ethereal-users] need help creating a complex time filter

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date: Tue, 14 Mar 2006 03:36:45 +0100
---------- Forwarded message ----------
From: LEGO <luis.ontanon@xxxxxxxxx>
Date: Mar 13, 2006 11:28 PM
Subject: Re: [Ethereal-users] tethereal uses too much memory to filter
packets from file
To: Ethereal user support <ethereal-users@xxxxxxxxxxxx>


I just added -A <start time> and -B <stop time> to editcap, this way
you can select to have in the file just those packets that happen in a
certain period of time.

$ editcap -A '2005-10-10 20:30:15' -B '2005-10-10 20:30:19' in.pcap out.pcap

This one can filter by date  even a file N times bigger than the ram...


you can get it  http://www.ethereal.com/distribution/buildbot-builds/
it's on revision 17614 or higher.

L

On 3/14/06, George P Nychis <gnychis@xxxxxxx> wrote:
> By the way, multiple tethereal runsare also acceptable, such as running tethereal 6 times for each experiment to get the output, then putting all the output together.  However I can't find time wildcards to even accomplish that...
>
>
> > Hi,
> >
> > I am not sure if calling this complex was the right term, however I can't
> > seem to find the exact filter to do what I need.
> >
> > I ran two sets of experiments and did them within 5 minutes of each other
> > so that they experienced similar network conditions.
> >
> > Therefore, experiment one ran on these minutes (inclusive) in an hour:
> > 00-04,10-14,20-24,30-34,40-44,50-54
> >
> > Experiment two ran during these minutes (inclusive) in an hour:
> > 05-09,15-19,25-29,35-39,45-49,55-59
> >
> > Therefore, I am looking for a filter for tethereal/ethereal so that i can
> > see only packets from experiment one from a log file.
> >
> > I've read about "frame.time", but I can't figure out how to do wildcards
> > with it, it always needs a specific day attached with it as far as i can
> > tell.
> >
> > I'd greatly appreciate any help.
> >
> > Thanks! George
> >
> > _______________________________________________ Ethereal-users mailing
> > list Ethereal-users@xxxxxxxxxxxx
> > http://www.ethereal.com/mailman/listinfo/ethereal-users
> >
> >
>
>
> --
>
> _______________________________________________
> Ethereal-users mailing list
> Ethereal-users@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-users
>


--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan