Ethereal-users: Re: [Ethereal-users] need help creating a complex time filter

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date: Wed, 15 Mar 2006 00:25:00 +0100
On 3/14/06, George P Nychis <gnychis@xxxxxxx> wrote:
> So can I do wildcards for the date?  Because the log file spans over several days and it would just be easier to wildcard out the date.

No, it cannot.

Attached you'll find a Perl script I wrote a while ago that splits a
capture file into 5m files (starting at X:00, X:05, X:10, X:15 ...). You
can modify it to fit your needs.


>
> > ---------- Forwarded message ----------
> > From: LEGO <luis.ontanon@xxxxxxxxx>
> > Date: Mar 13, 2006 11:28 PM
> > Subject: Re: [Ethereal-users] tethereal uses too much memory to filter packets from file
> > To: Ethereal user support <ethereal-users@xxxxxxxxxxxx>
> >
> >
> > I just added -A <start time> and -B <stop time> to editcap, this way you
> > can select to have in the file just those packets that happen in a certain
> > period of time.
> >
> > $ editcap -A '2005-10-10 20:30:15' -B '2005-10-10 20:30:19' in.pcap out.pcap
> >
> > This one can filter by date even a file N times bigger than the RAM...
> >
> > You can get it at http://www.ethereal.com/distribution/buildbot-builds/; it's
> > on revision 17614 or higher.
> >
> > L
> >
> > On 3/14/06, George P Nychis <gnychis@xxxxxxx> wrote:
> >> By the way, multiple tethereal runs are also acceptable, such as running
> >> tethereal 6 times for each experiment to get the output, then putting
> >> all the output together.  However I can't find time wildcards to even
> >> accomplish that...
> >>
> >>
> >>> Hi,
> >>>
> >>> I am not sure if calling this complex was the right term, however I
> >>> can't seem to find the exact filter to do what I need.
> >>>
> >>> I ran two sets of experiments and did them within 5 minutes of each
> >>> other so that they experienced similar network conditions.
> >>>
> >>> Therefore, experiment one ran on these minutes (inclusive) in an
> >>> hour: 00-04,10-14,20-24,30-34,40-44,50-54
> >>>
> >>> Experiment two ran during these minutes (inclusive) in an hour:
> >>> 05-09,15-19,25-29,35-39,45-49,55-59
> >>>
> >>> Therefore, I am looking for a filter for tethereal/ethereal so that I
> >>> can see only packets from experiment one from a log file.
> >>>
> >>> I've read about "frame.time", but I can't figure out how to do
> >>> wildcards with it, it always needs a specific day attached with it as
> >>> far as I can tell.
> >>>
> >>> I'd greatly appreciate any help.
> >>>
> >>> Thanks! George
> >>>
> >>> _______________________________________________ Ethereal-users
> >>> mailing list Ethereal-users@xxxxxxxxxxxx
> >>> http://www.ethereal.com/mailman/listinfo/ethereal-users
> >>>
> >>>
> >
> >
> > -- This information is top security. When you have read it, destroy
> > yourself. -- Marshall McLuhan


--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan

Attachment: split_5m
Description: Binary data
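
An added example, not part of the original thread and not the attached split_5m script: one way to separate the two experiments across every day in the log is to split the capture on the minute-of-hour of each packet's timestamp instead of on a dated frame.time range. It assumes a classic libpcap file (not pcapng) and that minutes are taken from the UTC epoch timestamp; the function names and the sample packets are constructed for illustration.

```python
import calendar
import struct

# First four bytes of a classic pcap file -> struct byte-order prefix.
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}

def in_experiment_one(ts_sec):
    """True for minutes 00-04, 10-14, ..., 50-54 of any hour on any day."""
    # 60 is a multiple of 10, so (epoch minutes) % 10 == (minute of hour) % 10.
    return (ts_sec // 60) % 10 < 5

def split_by_slot(pcap_bytes):
    """Return (experiment_one, experiment_two) as two complete pcap byte strings."""
    endian = MAGICS.get(pcap_bytes[:4])
    if endian is None or len(pcap_bytes) < 24:
        raise ValueError("not a classic pcap file")
    header = pcap_bytes[:24]          # global header is copied to both outputs
    out = ([header], [header])
    pos = 24
    while pos < len(pcap_bytes):
        if pos + 16 > len(pcap_bytes):
            raise ValueError("truncated record header")
        ts_sec, _usec, incl_len, _orig = struct.unpack_from(endian + "IIII", pcap_bytes, pos)
        end = pos + 16 + incl_len
        if end > len(pcap_bytes):
            raise ValueError("truncated packet data")
        out[0 if in_experiment_one(ts_sec) else 1].append(pcap_bytes[pos:end])
        pos = end
    return b"".join(out[0]), b"".join(out[1])

def make_sample():
    """Constructed sample: four 4-byte packets spread over two days."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    stamps = [(2006, 3, 14, 0, 2, 0), (2006, 3, 14, 0, 7, 0),
              (2006, 3, 15, 13, 51, 30), (2006, 3, 15, 13, 59, 59)]
    recs = [struct.pack("<IIII", calendar.timegm(s), 0, 4, 4) + b"\x00" * 4
            for s in stamps]
    return hdr + b"".join(recs)

if __name__ == "__main__":
    one, two = split_by_slot(make_sample())
    # Each record in the sample is 16 header bytes plus 4 data bytes.
    print("experiment one packets:", (len(one) - 24) // 20)
    print("experiment two packets:", (len(two) - 24) // 20)
```

Both returned byte strings start with the original global header, so each can be written to its own file and opened as a normal capture.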