Please note you can use multiple -z proto,colinfo,.... arguments on
the command line
so add as many -z arguments as the number of fields you want to extract.
On 8/10/05, Sam Critchley <Sam.Critchley@xxxxxxxxxxxxxx> wrote:
>
> Hi Ronnie, everyone,
>
> Thanks very much. A command like this one:
>
> > tethereal -z proto,colinfo,ax4000.timestamp,ax4000.timestamp -r
> > capture.enc
>
> Gives me output looking like this:
>
> 1711 0.003509 0.0.0.0 -> 0.0.0.0 AX4000 Chss:0 Prt:1 Idx:1
> Seq:0x2d9295f2 TS:3764.954910[msec] ax4000.timestamp == 0x1670dd83
> 1712 0.003512 0.0.0.0 -> 0.0.0.0 AX4000 Chss:0 Prt:1 Idx:1
> Seq:0x2d9295f3 TS:3764.956650[msec] ax4000.timestamp == 0x1670de31
> 1713 0.003513 0.0.0.0 -> 0.0.0.0 AX4000 Chss:0 Prt:1 Idx:1
> Seq:0x2d9295f4 TS:3764.958720[msec] ax4000.timestamp == 0x1670df00
>
> I can get the other values in there as well when I play around with the
> arguments. That gives me a text file I can run sed on or parse with a
> spreadsheet.
>
> Best wishes,
>
>
> Sam
>
>
>
> On Tue, 09 Aug 2005 22:02:01 +0200, ronnie sahlberg
> <ronniesahlberg@xxxxxxxxx> wrote:
>
> > If you use unix or cygwin you should be able to do this easily by
> > using tethereal and sed.
> >
> > Put each of the interesting fields on the summary line using one "-z
> > proto,colinfo,..." line for each of the fields.
> >
> > Then use sed to massage the output lines to remove everything except
> > this output and insert a ',' between each of the fields.
> >
> >
> >
> > On 8/9/05, Sam Critchley <Sam.Critchley@xxxxxxxxxxxxxx> wrote:
> >>
> >> Hi,
> >>
> >> I have a .enc capture file from an Adtech AX/4000 tester which I've
> >> opened
> >>
> >> in Ethereal. The capture consists of about 10,000 packets. Each packet
> >> consists of a great deal of information including Frame, Ethernet
> >> headers,
> >>
> >> IP and the AX/4000 virtual test block payload added by the tester.
> >> Ethereal's done a great job of analysing the huge amount of hex in the
> >> capture file and making it readable.
> >>
> >> I would like to extract *only* the following values from each packet,
> >> and
> >> save them to some kind of parse-friendly text or CSV file:
> >>
> >> frame.time
> >> frame.time_delta
> >> frame.number
> >> ax4000.timestamp
> >> ax4000.seq
> >>
> >> Each packet should have a line with values above tab-separated.
> >>
> >> I then want to run some statistical analysis on these data using a
> >> spreadsheet.
> >>
> >> I've looked at ways to do this in Ethereal, Tethereal and editcap, but I
> >> can't seem to find a way to do it. Can anyone perhaps help me out with a
> >> tip here? Is there a clever way to do this?
> >>
> >> Many thanks,
> >>
> >>
> >> Sam
> >>
> >> --
> >> Sam Critchley - mailing-list address
> >> A2B Location-Based Search Engine - http://www.a2b.cc
> >> - Find websites near a geographical location
> >> - Search real-time using a GPS device or from a map
> >> - Register your blog and see your neighbours in blogland
> >>
> >> _______________________________________________
> >> Ethereal-users mailing list
> >> Ethereal-users@xxxxxxxxxxxx
> >> http://www.ethereal.com/mailman/listinfo/ethereal-users
> >>
> >
> > _______________________________________________
> > Ethereal-users mailing list
> > Ethereal-users@xxxxxxxxxxxx
> > http://www.ethereal.com/mailman/listinfo/ethereal-users
>
>
>
> --
> Sam Critchley - mailing-list address
> A2B Location-Based Search Engine - http://www.a2b.cc
> - Find websites near a geographical location
> - Search using a GPS device or from a map
> - Register your blog and see your neighbours in blogland
>
> _______________________________________________
> Ethereal-users mailing list
> Ethereal-users@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-users
>
