I guess it would be a better idea to take the data directly from the
libpcap-file then?
On Thu, 16 Nov 2006 11:23:38 +0800, "Jeff Morriss"
<jeff.morriss@xxxxxxxxxxx> said:
>
> Though that does rely on Wireshark/tshark's output not changing. (E.g.,
> if I currently match on FooBar and it changes to FooV2Bar because
> someone added V3 support, my text processing just broke!)
>
> Jaap Keuter wrote:
> > Hi,
> >
> > Sure, output as textfile, postprocess with [perl, awk, your favorite].
> > String together the strength of small powerful tools, instead of putting
> > all in one.
> >
> > Thanx,
> > Jaap
> >
> > On Mon, 13 Nov 2006, Sean WANG wrote:
> >
> >> Hi,
> >>
> >> I have a captured data file. How do I extract ONLY the info I am
> >> interested for each packet? I want the output file contain only (Source
> >> IP, Destination IP, Source Port, Destination Port, Protocol, Received
> >> Time).
> >>
> >> Is there any command of Ethereal that I can use? Or do you have any
> >> other suggestions?
> >> Thx a lot.
> >>
> >> Regards,
> >> Sean
> >>
> >>
> >
> > _______________________________________________
> > Wireshark-users mailing list
> > Wireshark-users@xxxxxxxxxxxxx
> > http://www.wireshark.org/mailman/listinfo/wireshark-users
> >
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-users
--
Hans Nilsson
hasse_gg@xxxxxxxx
--
http://www.fastmail.fm - Does exactly what it says on the tin