Well, if it's easy enough to get, then why not?
But I suspect the correct answer (especially for stuff that relies
heavily on the advanced dissection of Wireshark) is that text processing
is the way to go, but you've got to be careful (and aware) when
upgrading Wireshark versions.
Hans Nilsson wrote:
I guess it would be a better idea to take the data directly from the
libpcap-file then?
On Thu, 16 Nov 2006 11:23:38 +0800, "Jeff Morriss"
<jeff.morriss@xxxxxxxxxxx> said:
Though that does rely on Wireshark/tshark's output not changing. (E.g.,
if I currently match on FooBar and it changes to FooV2Bar because
someone added V3 support, my text processing just broke!)
Jaap Keuter wrote:
Hi,
Sure, output as textfile, postprocess with [perl, awk, your favorite].
String together the strength of small powerful tools, instead of putting
all in one.
Thanx,
Jaap
On Mon, 13 Nov 2006, Sean WANG wrote:
Hi,
I have a captured data file. How do I extract ONLY the info I am
interested in for each packet? I want the output file to contain only (Source
IP, Destination IP, Source Port, Destination Port, Protocol, Received
Time).
Is there any command of Ethereal that I can use? Or do you have any
other suggestions?
Thx a lot.
Regards,
Sean
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users
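Reading the six fields Sean asks for straight from the libpcap file, as Hans suggests, avoids depending on tshark's text output staying stable across versions. This is an added example, not code from the thread; it handles only classic microsecond-resolution libpcap files carrying Ethernet/IPv4, and the names `extract_flows` and `build_sample` and the sample packet are constructed for illustration.

```python
import socket
import struct
from datetime import datetime, timedelta, timezone

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}

def extract_flows(pcap_bytes):
    """Return (src_ip, dst_ip, src_port, dst_port, protocol, received_time) per IPv4 packet."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap_bytes[:4])
    if endian is None or len(pcap_bytes) < 24:
        raise ValueError("not a classic (microsecond) libpcap file")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    rows, off = [], 24
    while off + 16 <= len(pcap_bytes):
        # Per-packet record header: ts_sec, ts_usec, captured length, original length
        ts_sec, ts_usec, incl_len, _ = struct.unpack(endian + "IIII", pcap_bytes[off:off + 16])
        frame = pcap_bytes[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < incl_len:
            break  # file truncated mid-record
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4 over Ethernet (VLAN tags and IPv6 are skipped)
        ihl = (frame[14] & 0x0F) * 4
        if ihl < 20:
            continue  # malformed IP header
        proto = frame[23]
        first_fragment = (struct.unpack("!H", frame[20:22])[0] & 0x1FFF) == 0
        l4 = frame[14 + ihl:]
        sport = dport = None  # ports exist only for TCP/UDP, in the first fragment
        if proto in (6, 17) and first_fragment and len(l4) >= 4:
            sport, dport = struct.unpack("!HH", l4[:4])
        when = datetime.fromtimestamp(ts_sec, timezone.utc) + timedelta(microseconds=ts_usec)
        rows.append((socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34]),
                     sport, dport, PROTO_NAMES.get(proto, str(proto)), when.isoformat()))
    return rows

def build_sample():
    """Constructed capture with one packet: UDP 192.0.2.1:5353 -> 192.0.2.2:53."""
    eth = b"\x02\x00\x00\x00\x00\x02" + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                     socket.inet_aton("192.0.2.1"), socket.inet_aton("192.0.2.2"))
    frame = eth + ip + struct.pack("!HHHH", 5353, 53, 8, 0)
    global_hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    record_hdr = struct.pack("<IIII", 1163647418, 250000, len(frame), len(frame))
    return global_hdr + record_hdr + frame

if __name__ == "__main__":
    for row in extract_flows(build_sample()):
        print(*row, sep="\t")
```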