Wireshark · Wireshark-users: Re: [Wireshark-users] How to filter out last 1000 frames in a quick way

Wireshark-users: Re: [Wireshark-users] How to filter out last 1000 frames in a quick way

From: Hansang Bae <hbae@xxxxxxxxxx>

Date: Sat, 05 Jul 2008 23:11:33 -0400

Bin Zhou wrote:

Sometime, I capture a big size of file, but I may need to do voip callsanalysis for a snapshot. For example, it is good enough for me to seeflows of last one thousand packets.If there is a quick way to filter out last 1000 frames without going tothe frame or packet detail level, it will be very helpful.
Thanks for your help in advance.

The only thing you could try would be to use "editcap -c xxx" to specifyhow many packets you want per trace file (where xxx = how many packetsyou want)

Or you could try -A option to specify when you want to start seeing the"interesting" packets.


--

Thanks,
Hansang

Follow-Ups:
- Re: [Wireshark-users] How to filter out last 1000 frames in a quick way
  - From: Abhik Sarkar

Prev by Date: Re: [Wireshark-users] add random packet lost
Next by Date: Re: [Wireshark-users] BPDU packets
Previous by thread: Re: [Wireshark-users] add random packet lost
Next by thread: Re: [Wireshark-users] How to filter out last 1000 frames in a quick way
Index(es):
- Date
- Thread