Wireshark-users: Re: [Wireshark-users] How to extract ONLY the info I want from captured data(Eth

From: "Hans Nilsson" <hasse_gg@xxxxxxxx>
Date: Thu, 16 Nov 2006 09:45:39 -1100
I guess it would be a better idea to take the data directly from the
libpcap-file then?

On Thu, 16 Nov 2006 11:23:38 +0800, "Jeff Morriss"
<jeff.morriss@xxxxxxxxxxx> said:
> 
> Though that does rely on Wireshark/tshark's output not changing.  (E.g., 
> if I currently match on FooBar and it changes to FooV2Bar because 
> someone added V3 support, my text processing just broke!)
> 
> Jaap Keuter wrote:
> > Hi,
> > 
> > Sure, output as textfile, postprocess with [perl, awk, your favorite].
> > String together the strength of small powerful tools, instead of putting
> > all in one.
> > 
> > Thanx,
> > Jaap
> > 
> > On Mon, 13 Nov 2006, Sean WANG wrote:
> > 
> >> Hi,
> >>
> >> I have a captured data file. How do I extract ONLY the info I am
> >> interested for each packet? I want the output file contain only (Source
> >> IP, Destination IP, Source Port, Destination Port, Protocol, Received
> >> Time).
> >>
> >> Is there any command of Ethereal that I can use? Or do you have any
> >> other suggestions?
> >> Thx a lot.
> >>
> >> Regards,
> >> Sean
> >>
> >>
> > 
> > _______________________________________________
> > Wireshark-users mailing list
> > Wireshark-users@xxxxxxxxxxxxx
> > http://www.wireshark.org/mailman/listinfo/wireshark-users
> > 
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-users
-- 
  Hans Nilsson
  hasse_gg@xxxxxxxx

-- 
http://www.fastmail.fm - Does exactly what it says on the tin