Wireshark-users: Re: [Wireshark-users] how to drop 400 unwanted packets to analyze with wireshark

From: Stephen Fisher <stephentfisher@xxxxxxxxx>
Date: Wed, 27 Jun 2007 21:52:38 -0700
On Wed, Jun 27, 2007 at 05:29:41PM +0900, Mitsuho Iizuka wrote:

> Does anyone know how to drop 400 unwanted packets in an already 
> captured snoop file to analyze with wireshark?
>
> According to this list, editcap has a 100 limitation.

Actually, this has been raised to 500 in the latest SVN source code 
tree.

> I would like to analyze an LDAP packets file, which was already captured, 
> without specified src tcp.port (about 400 ports!). It seems Wireshark 
> does not have a feature to read a display filter from a file.

You are correct.

> I would like to write scripts as follows,
> 
> (tcp.ports != 400 && tcp.ports !=401 && .... && tcp.ports = 800)
> 
> Of course, the port numbers are not sequential.

Are the frame numbers sequential?  Is there a pattern to the tcp port 
numbers that you want to include/exclude?


Steve
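
The following is an added example, not part of the original message: one way to turn a file of unwanted source ports into a single display filter that tshark can apply to the saved capture. The port-file format, the file names, and the use of tshark's `-Y` (display filter), `-r` and `-w` options are assumptions of this example.

```python
# Constructed sample port list: one port per line, '#' starts a comment.
SAMPLE_PORT_FILE = """\
400
401
402
517   # constructed inline comment
800
401
"""


def parse_ports(text):
    """Return the sorted, de-duplicated ports in text, rejecting bad lines."""
    ports = set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if not line.isdigit() or not 1 <= int(line) <= 65535:
            raise ValueError(f"line {lineno}: not a TCP port: {raw!r}")
        ports.add(int(line))
    return sorted(ports)


def build_exclude_filter(ports, field="tcp.srcport"):
    """Collapse consecutive ports into ranges, then negate the whole group,
    which reads the same for tcp.srcport as for two-valued tcp.port."""
    terms, i = [], 0
    while i < len(ports):
        j = i
        while j + 1 < len(ports) and ports[j + 1] == ports[j] + 1:
            j += 1
        if i == j:
            terms.append(f"{field} == {ports[i]}")
        else:
            terms.append(f"({field} >= {ports[i]} && {field} <= {ports[j]})")
        i = j + 1
    if not terms:
        raise ValueError("no ports given")
    return "!(" + " || ".join(terms) + ")"


def tshark_argv(infile, outfile, display_filter):
    """Argument list: read infile, keep packets matching the filter, write outfile."""
    return ["tshark", "-r", infile, "-Y", display_filter, "-w", outfile]


if __name__ == "__main__":
    flt = build_exclude_filter(parse_ports(SAMPLE_PORT_FILE))
    print(" ".join(tshark_argv("ldap.snoop", "ldap-filtered.pcap", flt)))
```

Passing the argument list to `subprocess.run` avoids shell quoting problems with the `&&`, `||` and `!` characters in the filter.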