Hi,
Does anyone know how to drop 400 unwanted packets in an already
captured snoop file to analyze with Wireshark?
According to this list, editcap has a 100 limitation. I would like
to analyze an LDAP packet file, which was already captured, without
the specified src tcp.port (about 400 ports!). It seems Wireshark
does not have a feature to read a display filter from a file.
I would like to write scripts as follows,
(tcp.ports != 400 && tcp.ports !=401 && .... && tcp.ports = 800)
Of course, the port numbers are not sequential.
Thanks in advance
Regards,
// Mitsuho Iizuka
// AP Server Grp., 2nd System Software Div.,
// System Software Opr.Unit, IT Platform Biz.Unit, NEC Corp.
// Phone:+81-3-3456-4322