Wireshark · Wireshark-users: Re: [Wireshark-users] how do I extract these packets with editcap

Wireshark-users: Re: [Wireshark-users] how do I extract these packets with editcap

From: Marilo <narium85-mlscar@xxxxxxxxxxx>

Date: Sat, 7 Apr 2012 10:33:14 +0100 (BST)

well, then, i'll forget specifying by time, and this would do what I want

http://stackoverflow.com/questions/7146407/capinfos-precise-timestamp

C:\sdf>capinfos -c thefile

File name: thefile

Number of packets: 52

C:\sdf>tshark -r thefile -R "frame.number==1"

0.000000 2135 192.168.1.66 -> 192.168.1.65 TCP 66 1085 2135

C:\sdf>tshark -r thefile -R "frame.number==52"

5.080146 1085 192.168.1.65 -> 192.168.1.66 TCP 62 2138 1085

C:\sdf>tshark -r thefile -R "frame.number==0"

C:\sdf>tshark -r thefile -R "frame.number==53"

5.080902 2138 192.168.1.66 -> 192.168.1.65 TCP 240 1085 2138

C:\sdf>

--- On Fri, 6/4/12, Paula Dufour wrote:

From: Paula Dufour
Subject: Re: [Wireshark-users] how do I extract these packets with editcap
To: wireshark-users wireshark.org
Date: Friday, 6 April, 2012, 23:57

I believe you are trying to be too precise. I think the time format only goes to the second.

Paula Dufour

References:
- Re: [Wireshark-users] how do I extract these packets with editcap
  - From: Paula Dufour

Prev by Date: Re: [Wireshark-users] Should the "export as text" item be in an "Export Human-readable..." item in the File menu?
Next by Date: Re: [Wireshark-users] how do I extract these packets with editcap?
Previous by thread: Re: [Wireshark-users] how do I extract these packets with editcap
Next by thread: [Wireshark-users] Wireshark 1.7.1 is now available
Index(es):
- Date
- Thread