Ethereal-users: Re: [Ethereal-users] need help creating a complex time filter

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date: Wed, 15 Mar 2006 00:43:24 +0100
Errata corrige:
line 18:
my $ot = int($hdr{tv_sec} / 3600) * 3600;

On 3/15/06, LEGO <luis.ontanon@xxxxxxxxx> wrote:
> by relative time...
>
> change line 18 to
>
> my $ot = int($hdr{tv_sec} / 3600);
>
> and line 22 to:
>
> if ($hdr{tv_sec} > $ot + 3600 )
>
> and it will split the file into files containing exact hours.
>
> On 3/15/06, George P Nychis <gnychis@xxxxxxx> wrote:
> > Is it splitting by relative time or by actual time?
> >
> >
> > > Be patient... Perl is powerful, be sure about it, but it is slow, very
> > > slow!
> > >
> > > On 3/15/06, George P Nychis <gnychis@xxxxxxx> wrote:
> > >> oh awesome, thank you very much for all your help, I will look through
> > >> your script and use it :)
> > >>
> > >> - George
> > >>
> > >>
> > >>> On 3/14/06, George P Nychis <gnychis@xxxxxxx> wrote:
> > >>>> So can I do wildcards for the date?  Because the log file spans
> > >>>> over several days and it would just be easier to wildcard out the
> > >>>> date.
> > >>>
> > >>> No it cannot.
> > >>>
> > >>> Attached you'll find a Perl script I wrote a while ago that splits a
> > >>> capture file into 5m files (starting at X:00 X:05 X:10 X:15 ... ). You
> > >>> can modify it to fit your needs.
> > >>>
> > >>>
> > >>>>
> > >>>>> ---------- Forwarded message ----------
> > >>>>> From: LEGO <luis.ontanon@xxxxxxxxx>
> > >>>>> Date: Mar 13, 2006 11:28 PM
> > >>>>> Subject: Re: [Ethereal-users] tethereal uses too much memory to filter packets from file
> > >>>>> To: Ethereal user support <ethereal-users@xxxxxxxxxxxx>
> > >>>>>
> > >>>>>
> > >>>>> I just added -A <start time> and -B <stop time> to editcap, this
> > >>>>> way you can select to have in the file just those packets that
> > >>>>> happen in a certain period of time.
> > >>>>>
> > >>>>> $ editcap -A '2005-10-10 20:30:15' -B '2005-10-10 20:30:19' in.pcap out.pcap
> > >>>>>
> > >>>>> This one can filter by date even a file N times bigger than the
> > >>>>> RAM...
> > >>>>>
> > >>>>>
> > >>>>> you can get it
> > >>>>> http://www.ethereal.com/distribution/buildbot-builds/ it's on
> > >>>>> revision 17614 or higher.
> > >>>>>
> > >>>>> L
> > >>>>>
> > >>>>> On 3/14/06, George P Nychis <gnychis@xxxxxxx> wrote:
> > >>>>>> By the way, multiple tethereal runs are also acceptable, such as
> > >>>>>>  running tethereal 6 times for each experiment to get the
> > >>>>>> output, then putting all the output together.  However I can't
> > >>>>>> find time wildcards to even accomplish that...
> > >>>>>>
> > >>>>>>
> > >>>>>>> Hi,
> > >>>>>>>
> > >>>>>>> I am not sure if calling this complex was the right term,
> > >>>>>>> however I can't seem to find the exact filter to do what I
> > >>>>>>> need.
> > >>>>>>>
> > >>>>>>> I ran two sets of experiments and did them within 5 minutes
> > >>>>>>> of each other so that they experienced similar network
> > >>>>>>> conditions.
> > >>>>>>>
> > >>>>>>> Therefore, experiment one ran on these minutes (inclusive) in
> > >>>>>>> an hour: 00-04,10-14,20-24,30-34,40-44,50-54
> > >>>>>>>
> > >>>>>>> Experiment two ran during these minutes (inclusive) in an
> > >>>>>>> hour: 05-09,15-19,25-29,35-39,45-49,55-59
> > >>>>>>>
> > >>>>>>> Therefore, I am looking for a filter for tethereal/ethereal
> > >>>>>>> so that I can see only packets from experiment one from a log
> > >>>>>>> file.
> > >>>>>>>
> > >>>>>>> I've read about "frame.time", but I can't figure out how to
> > >>>>>>> do wildcards with it, it always needs a specific day attached
> > >>>>>>> with it as far as I can tell.
> > >>>>>>>
> > >>>>>>> I'd greatly appreciate any help.
> > >>>>>>>
> > >>>>>>> Thanks! George
> > >>>>>>>
> > >>>>>>> _______________________________________________
> > >>>>>>> Ethereal-users mailing list Ethereal-users@xxxxxxxxxxxx
> > >>>>>>> http://www.ethereal.com/mailman/listinfo/ethereal-users


--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan
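
Added example, not part of the original thread and not LEGO's attached Perl script (which is not in this archive): Python that applies the errata's aligned-window arithmetic, int(tv_sec / N) * N, to a classic pcap file, and also keeps only the packets of one experiment by 5-minute slot. The function names, BASE, OFFSETS and SAMPLE are assumptions made for this example, and the sample capture is constructed.

```python
import struct

# Classic pcap magics -> struct byte order (microsecond and nanosecond variants).
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",
          b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}

def records(data):
    """Yield (tv_sec, raw record bytes) for each packet in a classic pcap image."""
    endian = MAGICS.get(data[:4])
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    off = 24                                    # skip the 24-byte global header
    while off + 16 <= len(data):
        tv_sec, _frac, incl_len, _orig = struct.unpack_from(endian + "IIII", data, off)
        end = off + 16 + incl_len
        if end > len(data):                     # truncated final record: stop
            break
        yield tv_sec, data[off:end]
        off = end

def window_start(tv_sec, width):
    """Aligned start of the window holding tv_sec: int(t / width) * width."""
    return tv_sec // width * width

def split_by_window(data, width=3600):
    """Map each aligned window start to a standalone pcap image of its packets."""
    out = {}
    for tv_sec, rec in records(data):
        out.setdefault(window_start(tv_sec, width), bytearray(data[:24])).extend(rec)
    return {start: bytes(img) for start, img in out.items()}

def select_experiment(data, which):
    """Keep packets from experiment 1 (minutes 00-04, 10-14, ...) or 2 (05-09, ...).
    Works on epoch seconds, so it assumes a UTC offset that is a multiple of 10 min."""
    keep = bytearray(data[:24])
    for tv_sec, rec in records(data):
        if (tv_sec // 300) % 2 == which - 1:    # even 5-minute slot -> experiment 1
            keep += rec
    return bytes(keep)

# Constructed sample: six 4-byte dummy packets around an hour-aligned epoch second.
BASE = 1142380800
OFFSETS = [10, 299, 300, 3599, 3600, 4440]
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join(
    struct.pack("<IIII", BASE + o, 0, 4, 4) + b"\x00" * 4 for o in OFFSETS)

if __name__ == "__main__":
    for start, img in sorted(split_by_window(SAMPLE).items()):
        print(start, len(img), "bytes")
```

Because the window is computed per packet with floor division, a packet stamped exactly on a boundary lands in the window that starts there, and the file is streamed record by record rather than dissected.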