On Jan 7, 2010, at 8:08 AM, Mario Valetti wrote:
I have a sample capture that I'd like to export to a file sorted by
packet length. Is there an automated way to do this with tshark or
manually with the GUI?
It's easy enough to filter via the GUI, but I don't see a way to
export the capture keeping the new 'view'.
I don't think there is a simple way of doing this. You could probably
do it with a script or some sort. One way would be to export the
packets into a text format, sort it, and then use text2pcap to put
them back together. Or perhaps using editcap -r to keep certain
packets and then mergecap them into one file again. Wow, that could
get really messy. Maybe it's a good time to file an enhancement
request at https://bugs.wireshark.org/ if you need to do this often ;).
Steve