Ethereal-users: [Ethereal-users] bug in editcap start time and end time? -A -B

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "George P Nychis" <gnychis@xxxxxxx>
Date: Wed, 15 Mar 2006 15:12:59 -0500 (EST)
gnychis@monster ~/school/15744/project/logs $ editcap -A '2006-03-02 02:12:00' -B '2006-03-02 02:47:00' scen1-comcast_to_ini-comcast.log test-start0.log
editcap: start time is after the stop time

My start time doesn't seem to be after the stop time...


> ---------- Forwarded message ---------- From: LEGO
> <luis.ontanon@xxxxxxxxx> Date: Mar 13, 2006 11:28 PM Subject: Re:
> [Ethereal-users] tethereal uses too much memory to filter packets from
> file To: Ethereal user support <ethereal-users@xxxxxxxxxxxx>
> 
> 
> I just added -A <start time> and -B <stop time> to editcap, this way you
> can select to have in the file just those packets that happen in a certain
> period of time.
> 
> $ editcap -A '2005-10-10 20:30:15' -B '2005-10-10 20:30:19' in.pcap
> out.pcap
> 
> This one can filter by date  even a file N times bigger than the ram...
> 
> 
> you can get it  http://www.ethereal.com/distribution/buildbot-builds/ it's
> on revision 17614 or higher.
> 
> L
> 
> On 3/14/06, George P Nychis <gnychis@xxxxxxx> wrote:
>> By the way, multiple tethereal runsare also acceptable, such as running
>> tethereal 6 times for each experiment to get the output, then putting
>> all the output together.  However I can't find time wildcards to even
>> accomplish that...
>> 
>> 
>>> Hi,
>>> 
>>> I am not sure if calling this complex was the right term, however I
>>> can't seem to find the exact filter to do what I need.
>>> 
>>> I ran two sets of experiments and did them within 5 minutes of each
>>> other so that they experienced similar network conditions.
>>> 
>>> Therefore, experiment one ran on these minutes (inclusive) in an
>>> hour: 00-04,10-14,20-24,30-34,40-44,50-54
>>> 
>>> Experiment two ran during these minutes (inclusive) in an hour: 
>>> 05-09,15-19,25-29,35-39,45-49,55-59
>>> 
>>> Therefore, I am looking for a filter for tethereal/ethereal so that i
>>> can see only packets from experiment one from a log file.
>>> 
>>> I've read about "frame.time", but I can't figure out how to do
>>> wildcards with it, it always needs a specific day attached with it as
>>> far as i can tell.
>>> 
>>> I'd greatly appreciate any help.
>>> 
>>> Thanks! George
>>> 
>>> _______________________________________________ Ethereal-users
>>> mailing list Ethereal-users@xxxxxxxxxxxx 
>>> http://www.ethereal.com/mailman/listinfo/ethereal-users
>>> 
>>> 
>> 
>> 
>> --
>> 
>> _______________________________________________ Ethereal-users mailing
>> list Ethereal-users@xxxxxxxxxxxx 
>> http://www.ethereal.com/mailman/listinfo/ethereal-users
>> 
> 
> 
> -- This information is top security. When you have read it, destroy
> yourself. -- Marshall McLuhan 
> _______________________________________________ Ethereal-users mailing
> list Ethereal-users@xxxxxxxxxxxx 
> http://www.ethereal.com/mailman/listinfo/ethereal-users
> 
> 


--