Ethereal-users: Re: [Ethereal-users] need help creating a complex time filter

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "George P Nychis" <gnychis@xxxxxxx>
Date: Tue, 14 Mar 2006 18:35:10 -0500 (EST)
Is it splitting by relative time or by actual time?


> be patient... perl is powerful be sure about it but it is slow, very
> slow!
> 
> On 3/15/06, George P Nychis <gnychis@xxxxxxx> wrote:
>> oh awesome, thank you very much for all your help, I will look through
>> your script and use it :)
>> 
>> - George
>> 
>> 
>>> On 3/14/06, George P Nychis <gnychis@xxxxxxx> wrote:
>>>> So can I do wildcards for the date?  Because the log file spans
>>>> over several days and it would just be easier to wildcard out the
>>>> date.
>>> 
>>> No it cannot.
>>> 
>>> Attached you'll find a perl script I wrote a while ago that splits a 
>>> capture file in 5m files (starting at X:00 X:05 X:10 X:15 ... ) you
>>> can modify it to fit your needs.
>>> 
>>> 
>>>> 
>>>>> ---------- Forwarded message ----------
>>>>> From: LEGO <luis.ontanon@xxxxxxxxx>
>>>>> Date: Mar 13, 2006 11:28 PM
>>>>> Subject: Re: [Ethereal-users] tethereal uses too much memory to filter packets from file
>>>>> To: Ethereal user support <ethereal-users@xxxxxxxxxxxx>
>>>>> 
>>>>> 
>>>>> I just added -A <start time> and -B <stop time> to editcap, this
>>>>> way you can select to have in the file just those packets that
>>>>> happen in a certain period of time.
>>>>> 
>>>>> $ editcap -A '2005-10-10 20:30:15' -B '2005-10-10 20:30:19'
>>>>> in.pcap out.pcap
>>>>> 
>>>>> This one can filter by date even a file N times bigger than the
>>>>> ram...
>>>>> 
>>>>> 
>>>>> you can get it
>>>>> http://www.ethereal.com/distribution/buildbot-builds/ it's on
>>>>> revision 17614 or higher.
>>>>> 
>>>>> L
>>>>> 
>>>>> On 3/14/06, George P Nychis <gnychis@xxxxxxx> wrote:
>>>>>> By the way, multiple tethereal runs are also acceptable, such as
>>>>>>  running tethereal 6 times for each experiment to get the
>>>>>> output, then putting all the output together.  However I can't
>>>>>> find time wildcards to even accomplish that...
>>>>>> 
>>>>>> 
>>>>>>> Hi,
>>>>>>> 
>>>>>>> I am not sure if calling this complex was the right term,
>>>>>>> however I can't seem to find the exact filter to do what I
>>>>>>> need.
>>>>>>> 
>>>>>>> I ran two sets of experiments and did them within 5 minutes
>>>>>>> of each other so that they experienced similar network
>>>>>>> conditions.
>>>>>>> 
>>>>>>> Therefore, experiment one ran on these minutes (inclusive) in
>>>>>>> an hour: 00-04,10-14,20-24,30-34,40-44,50-54
>>>>>>> 
>>>>>>> Experiment two ran during these minutes (inclusive) in an
>>>>>>> hour: 05-09,15-19,25-29,35-39,45-49,55-59
>>>>>>> 
>>>>>>> Therefore, I am looking for a filter for tethereal/ethereal
>>>>>>> so that I can see only packets from experiment one from a log
>>>>>>> file.
>>>>>>> 
>>>>>>> I've read about "frame.time", but I can't figure out how to
>>>>>>> do wildcards with it, it always needs a specific day attached
>>>>>>> with it as far as I can tell.
>>>>>>> 
>>>>>>> I'd greatly appreciate any help.
>>>>>>> 
>>>>>>> Thanks! George
>>>>>>> 
>>>>>>> _______________________________________________
>>>>>>> Ethereal-users mailing list Ethereal-users@xxxxxxxxxxxx 
>>>>>>> http://www.ethereal.com/mailman/listinfo/ethereal-users
>>>>>>> 
>>>>>>> 
>>>>> -- This information is top security. When you have read it,
>>>>> destroy yourself. -- Marshall McLuhan 


--
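
Added example, not part of the original thread and not the Perl script mentioned in it: a streaming filter that keeps only packets whose absolute timestamp falls in the experiment-one minutes (00-04, 10-14, ..., 50-54) of any hour on any date, which is the "wildcard the date" selection asked about. The function names are this example's own; it assumes a classic microsecond pcap file (not pcapng) and a capture timezone with a whole-hour UTC offset.

```python
import struct

MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}  # classic microsecond pcap


def in_experiment_one(ts_sec):
    """True for minutes 00-04, 10-14, ..., 50-54 of any hour, on any date."""
    # Epoch minute-of-hour equals wall-clock minute for whole-hour UTC offsets (assumed).
    return ((ts_sec // 60) % 60) // 5 % 2 == 0


def filter_pcap(src, dst, keep=in_experiment_one):
    """Copy records whose timestamp passes keep(); returns (kept, total).

    Streams one record at a time, so the input may be larger than RAM."""
    header = src.read(24)
    endian = MAGIC.get(header[:4])
    if len(header) != 24 or endian is None:
        raise ValueError("not a classic microsecond pcap file")
    dst.write(header)
    kept = total = 0
    while True:
        rec = src.read(16)
        if not rec:
            return kept, total
        if len(rec) != 16:
            raise ValueError("truncated record header")
        ts_sec, _usec, incl_len, _orig_len = struct.unpack(endian + "IIII", rec)
        data = src.read(incl_len)
        if len(data) != incl_len:
            raise ValueError("truncated packet data")
        total += 1
        if keep(ts_sec):
            dst.write(rec + data)
            kept += 1


def sample_capture():
    """Constructed input: four 1-byte packets at minutes 03, 07, 12 and 59."""
    base = 1142380800  # 2006-03-15 00:00:00 UTC
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for minute in (3, 7, 12, 59):
        out += struct.pack("<IIII", base + minute * 60, 0, 1, 1) + b"\x00"
    return out
```

To run it on real files, open `in.pcap` in mode `"rb"` and `out.pcap` in mode `"wb"` and pass both to `filter_pcap`; passing `keep=lambda t: not in_experiment_one(t)` selects the experiment-two minutes instead.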