Wireshark · Wireshark-users: Re: [Wireshark-users] filtering in non-GUI mode

Wireshark-users: Re: [Wireshark-users] filtering in non-GUI mode

From: Andrej van der Zee <andrejvanderzee@xxxxxxxxx>

Date: Tue, 21 Jul 2009 20:04:07 +0900

Hi,

Sorry, I found the following options in editcap:

-A <start time>
Saves only the packets whose timestamp is on or after start time. The time is given in the following format YYYY-MM-DD HH:MM:SS

-B <stop time>
Saves only the packets whose timestamp is on or before stop time. The time is given in the following format YYYY-MM-DD HH:MM:SS

But is the format YYYY-MM-DD HH:MM:SS compared to the corrected datetime on the machine I am running editcap? I mean, tcpdump corrects readable (non-epoch) timestamps according to timezone. Should I compare to these corrected values? Or to the UTC values?

Thank you,
Andrej

Follow-Ups:
- Re: [Wireshark-users] filtering in non-GUI mode
  - From: j . snelders

References:
- Re: [Wireshark-users] filtering in non-GUI mode
  - From: Julian Fielding
- Re: [Wireshark-users] filtering in non-GUI mode
  - From: Andrej van der Zee

Prev by Date: Re: [Wireshark-users] filtering in non-GUI mode
Next by Date: Re: [Wireshark-users] filtering in non-GUI mode
Previous by thread: Re: [Wireshark-users] filtering in non-GUI mode
Next by thread: Re: [Wireshark-users] filtering in non-GUI mode
Index(es):
- Date
- Thread