Ethereal-users: Re: [Ethereal-users] need help creating a complex time filter

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "George P Nychis" <gnychis@xxxxxxx>
Date: Tue, 14 Mar 2006 18:28:07 -0500 (EST)
oh awesome, thank you very much for all your help, I will look through your script and use it :)

- George


> On 3/14/06, George P Nychis <gnychis@xxxxxxx> wrote:
>> So can I do wildcards for the date?  Because the log file spans over
>> several days and it would just be easier to wildcard out the date.
> 
> No it cannot.
> 
> Attached you'll find a perl script I wrote a while ago that splits a 
> capture file in 5m files (starting at X:00 X:05 X:10 X:15 ... ) you can
> modify it to fit you needs.
> 
> 
>> 
>>> ---------- Forwarded message ---------- From: LEGO 
>>> <luis.ontanon@xxxxxxxxx> Date: Mar 13, 2006 11:28 PM Subject: Re: 
>>> [Ethereal-users] tethereal uses too much memory to filter packets
>>> from file To: Ethereal user support <ethereal-users@xxxxxxxxxxxx>
>>> 
>>> 
>>> I just added -A <start time> and -B <stop time> to editcap, this way
>>> you can select to have in the file just those packets that happen in a
>>> certain period of time.
>>> 
>>> $ editcap -A '2005-10-10 20:30:15' -B '2005-10-10 20:30:19' in.pcap 
>>> out.pcap
>>> 
>>> This one can filter by date  even a file N times bigger than the
>>> ram...
>>> 
>>> 
>>> you can get it  http://www.ethereal.com/distribution/buildbot-builds/
>>> it's on revision 17614 or higher.
>>> 
>>> L
>>> 
>>> On 3/14/06, George P Nychis <gnychis@xxxxxxx> wrote:
>>>> By the way, multiple tethereal runsare also acceptable, such as
>>>> running tethereal 6 times for each experiment to get the output,
>>>> then putting all the output together.  However I can't find time
>>>> wildcards to even accomplish that...
>>>> 
>>>> 
>>>>> Hi,
>>>>> 
>>>>> I am not sure if calling this complex was the right term, however
>>>>> I can't seem to find the exact filter to do what I need.
>>>>> 
>>>>> I ran two sets of experiments and did them within 5 minutes of
>>>>> each other so that they experienced similar network conditions.
>>>>> 
>>>>> Therefore, experiment one ran on these minutes (inclusive) in an 
>>>>> hour: 00-04,10-14,20-24,30-34,40-44,50-54
>>>>> 
>>>>> Experiment two ran during these minutes (inclusive) in an hour: 
>>>>> 05-09,15-19,25-29,35-39,45-49,55-59
>>>>> 
>>>>> Therefore, I am looking for a filter for tethereal/ethereal so
>>>>> that i can see only packets from experiment one from a log file.
>>>>> 
>>>>> I've read about "frame.time", but I can't figure out how to do 
>>>>> wildcards with it, it always needs a specific day attached with
>>>>> it as far as i can tell.
>>>>> 
>>>>> I'd greatly appreciate any help.
>>>>> 
>>>>> Thanks! George
>>>>> 
>>>>> _______________________________________________ Ethereal-users 
>>>>> mailing list Ethereal-users@xxxxxxxxxxxx 
>>>>> http://www.ethereal.com/mailman/listinfo/ethereal-users
>>>>> 
>>>>> 
>>>> 
>>>> 
>>>> --
>>>> 
>>>> _______________________________________________ Ethereal-users
>>>> mailing list Ethereal-users@xxxxxxxxxxxx 
>>>> http://www.ethereal.com/mailman/listinfo/ethereal-users
>>>> 
>>> 
>>> 
>>> -- This information is top security. When you have read it, destroy 
>>> yourself. -- Marshall McLuhan 
>>> _______________________________________________ Ethereal-users
>>> mailing list Ethereal-users@xxxxxxxxxxxx 
>>> http://www.ethereal.com/mailman/listinfo/ethereal-users
>>> 
>>> 
>> 
>> 
>> --
>> 
>> _______________________________________________ Ethereal-users mailing
>> list Ethereal-users@xxxxxxxxxxxx 
>> http://www.ethereal.com/mailman/listinfo/ethereal-users
>> 
> 
> 
> -- This information is top security. When you have read it, destroy
> yourself. -- Marshall McLuhan 
> _______________________________________________ Ethereal-users mailing
> list Ethereal-users@xxxxxxxxxxxx 
> http://www.ethereal.com/mailman/listinfo/ethereal-users
> 


--