Wireshark · Ethereal-users: Re: [Ethereal-users] need help creating a complex time filter

Ethereal-users: Re: [Ethereal-users] need help creating a complex time filter

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date: Wed, 15 Mar 2006 00:31:01 +0100

be patient... perl is powerful be sure about it but it is slow, very slow!

On 3/15/06, George P Nychis <gnychis@xxxxxxx> wrote:
> oh awesome, thank you very much for all your help, I will look through your script and use it :)
>
> - George
>
>
> > On 3/14/06, George P Nychis <gnychis@xxxxxxx> wrote:
> >> So can I do wildcards for the date?  Because the log file spans over
> >> several days and it would just be easier to wildcard out the date.
> >
> > No it cannot.
> >
> > Attached you'll find a perl script I wrote a while ago that splits a
> > capture file in 5m files (starting at X:00 X:05 X:10 X:15 ... ) you can
> > modify it to fit you needs.
> >
> >
> >>
> >>> ---------- Forwarded message ---------- From: LEGO
> >>> <luis.ontanon@xxxxxxxxx> Date: Mar 13, 2006 11:28 PM Subject: Re:
> >>> [Ethereal-users] tethereal uses too much memory to filter packets
> >>> from file To: Ethereal user support <ethereal-users@xxxxxxxxxxxx>
> >>>
> >>>
> >>> I just added -A <start time> and -B <stop time> to editcap, this way
> >>> you can select to have in the file just those packets that happen in a
> >>> certain period of time.
> >>>
> >>> $ editcap -A '2005-10-10 20:30:15' -B '2005-10-10 20:30:19' in.pcap
> >>> out.pcap
> >>>
> >>> This one can filter by date  even a file N times bigger than the
> >>> ram...
> >>>
> >>>
> >>> you can get it  http://www.ethereal.com/distribution/buildbot-builds/
> >>> it's on revision 17614 or higher.
> >>>
> >>> L
> >>>
> >>> On 3/14/06, George P Nychis <gnychis@xxxxxxx> wrote:
> >>>> By the way, multiple tethereal runsare also acceptable, such as
> >>>> running tethereal 6 times for each experiment to get the output,
> >>>> then putting all the output together.  However I can't find time
> >>>> wildcards to even accomplish that...
> >>>>
> >>>>
> >>>>> Hi,
> >>>>>
> >>>>> I am not sure if calling this complex was the right term, however
> >>>>> I can't seem to find the exact filter to do what I need.
> >>>>>
> >>>>> I ran two sets of experiments and did them within 5 minutes of
> >>>>> each other so that they experienced similar network conditions.
> >>>>>
> >>>>> Therefore, experiment one ran on these minutes (inclusive) in an
> >>>>> hour: 00-04,10-14,20-24,30-34,40-44,50-54
> >>>>>
> >>>>> Experiment two ran during these minutes (inclusive) in an hour:
> >>>>> 05-09,15-19,25-29,35-39,45-49,55-59
> >>>>>
> >>>>> Therefore, I am looking for a filter for tethereal/ethereal so
> >>>>> that i can see only packets from experiment one from a log file.
> >>>>>
> >>>>> I've read about "frame.time", but I can't figure out how to do
> >>>>> wildcards with it, it always needs a specific day attached with
> >>>>> it as far as i can tell.
> >>>>>
> >>>>> I'd greatly appreciate any help.
> >>>>>
> >>>>> Thanks! George
> >>>>>
> >>>>> _______________________________________________ Ethereal-users
> >>>>> mailing list Ethereal-users@xxxxxxxxxxxx
> >>>>> http://www.ethereal.com/mailman/listinfo/ethereal-users
> >>>>>
> >>>>>
> >>>>
> >>>>
> >>>> --
> >>>>
> >>>> _______________________________________________ Ethereal-users
> >>>> mailing list Ethereal-users@xxxxxxxxxxxx
> >>>> http://www.ethereal.com/mailman/listinfo/ethereal-users
> >>>>
> >>>
> >>>
> >>> -- This information is top security. When you have read it, destroy
> >>> yourself. -- Marshall McLuhan
> >>> _______________________________________________ Ethereal-users
> >>> mailing list Ethereal-users@xxxxxxxxxxxx
> >>> http://www.ethereal.com/mailman/listinfo/ethereal-users
> >>>
> >>>
> >>
> >>
> >> --
> >>
> >> _______________________________________________ Ethereal-users mailing
> >> list Ethereal-users@xxxxxxxxxxxx
> >> http://www.ethereal.com/mailman/listinfo/ethereal-users
> >>
> >
> >
> > -- This information is top security. When you have read it, destroy
> > yourself. -- Marshall McLuhan
> > _______________________________________________ Ethereal-users mailing
> > list Ethereal-users@xxxxxxxxxxxx
> > http://www.ethereal.com/mailman/listinfo/ethereal-users
> >
>
>
> --
>
> _______________________________________________
> Ethereal-users mailing list
> Ethereal-users@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-users
>


--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan

Follow-Ups:
- Re: [Ethereal-users] need help creating a complex time filter
  - From: George P Nychis

References:
- [Ethereal-users] need help creating a complex time filter
  - From: George P Nychis
- Re: [Ethereal-users] need help creating a complex time filter
  - From: George P Nychis
- Re: [Ethereal-users] need help creating a complex time filter
  - From: LEGO
- Re: [Ethereal-users] need help creating a complex time filter
  - From: George P Nychis
- Re: [Ethereal-users] need help creating a complex time filter
  - From: LEGO
- Re: [Ethereal-users] need help creating a complex time filter
  - From: George P Nychis

Prev by Date: Re: [Ethereal-users] need help creating a complex time filter
Next by Date: Re: [Ethereal-users] need help creating a complex time filter
Previous by thread: Re: [Ethereal-users] need help creating a complex time filter
Next by thread: Re: [Ethereal-users] need help creating a complex time filter
Index(es):
- Date
- Thread