Ethereal-users: Re: [Ethereal-users] need help creating a complex time filter

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date: Wed, 15 Mar 2006 00:41:57 +0100

by relative time...

change line 18 to

my $ot = int($hdr{tv_sec} / 3600);

and line 22 to:

if ($hdr{tv_sec} > $ot + 3600 )

and it will split the file into files containing exact hours.

On 3/15/06, George P Nychis <gnychis@xxxxxxx> wrote:
> Is it splitting by relative time or by actual time?
>
>
> > be patient... perl is powerful be sure about it but it is slow, very
> > slow!
> >
> > On 3/15/06, George P Nychis <gnychis@xxxxxxx> wrote:
> >> oh awesome, thank you very much for all your help, I will look through
> >> your script and use it :)
> >>
> >> - George
> >>
> >>
> >>> On 3/14/06, George P Nychis <gnychis@xxxxxxx> wrote:
> >>>> So can I do wildcards for the date?  Because the log file spans
> >>>> over several days and it would just be easier to wildcard out the
> >>>> date.
> >>>
> >>> No it cannot.
> >>>
> >>> Attached you'll find a perl script I wrote a while ago that splits a
> >>> capture file in 5m files (starting at X:00 X:05 X:10 X:15 ... ) you
> >>> can modify it to fit your needs.
> >>>
> >>>
> >>>>
> >>>>> ---------- Forwarded message ----------
> >>>>> From: LEGO <luis.ontanon@xxxxxxxxx>
> >>>>> Date: Mar 13, 2006 11:28 PM
> >>>>> Subject: Re: [Ethereal-users] tethereal uses too much memory to filter packets from file
> >>>>> To: Ethereal user support <ethereal-users@xxxxxxxxxxxx>
> >>>>>
> >>>>>
> >>>>> I just added -A <start time> and -B <stop time> to editcap, this
> >>>>> way you can select to have in the file just those packets that
> >>>>> happen in a certain period of time.
> >>>>>
> >>>>> $ editcap -A '2005-10-10 20:30:15' -B '2005-10-10 20:30:19' in.pcap out.pcap
> >>>>>
> >>>>> This one can filter by date even a file N times bigger than the
> >>>>> ram...
> >>>>>
> >>>>>
> >>>>> you can get it
> >>>>> http://www.ethereal.com/distribution/buildbot-builds/ it's on
> >>>>> revision 17614 or higher.
> >>>>>
> >>>>> L
> >>>>>
> >>>>> On 3/14/06, George P Nychis <gnychis@xxxxxxx> wrote:
> >>>>>> By the way, multiple tethereal runs are also acceptable, such as
> >>>>>> running tethereal 6 times for each experiment to get the
> >>>>>> output, then putting all the output together.  However I can't
> >>>>>> find time wildcards to even accomplish that...
> >>>>>>
> >>>>>>
> >>>>>>> Hi,
> >>>>>>>
> >>>>>>> I am not sure if calling this complex was the right term,
> >>>>>>> however I can't seem to find the exact filter to do what I
> >>>>>>> need.
> >>>>>>>
> >>>>>>> I ran two sets of experiments and did them within 5 minutes
> >>>>>>> of each other so that they experienced similar network
> >>>>>>> conditions.
> >>>>>>>
> >>>>>>> Therefore, experiment one ran on these minutes (inclusive) in
> >>>>>>> an hour: 00-04,10-14,20-24,30-34,40-44,50-54
> >>>>>>>
> >>>>>>> Experiment two ran during these minutes (inclusive) in an
> >>>>>>> hour: 05-09,15-19,25-29,35-39,45-49,55-59
> >>>>>>>
> >>>>>>> Therefore, I am looking for a filter for tethereal/ethereal
> >>>>>>> so that I can see only packets from experiment one from a log
> >>>>>>> file.
> >>>>>>>
> >>>>>>> I've read about "frame.time", but I can't figure out how to
> >>>>>>> do wildcards with it, it always needs a specific day attached
> >>>>>>> with it as far as I can tell.
> >>>>>>>
> >>>>>>> I'd greatly appreciate any help.
> >>>>>>>
> >>>>>>> Thanks! George
> >>>>>>>
> >>>>>>> _______________________________________________
> >>>>>>> Ethereal-users mailing list Ethereal-users@xxxxxxxxxxxx
> >>>>>>> http://www.ethereal.com/mailman/listinfo/ethereal-users
> >>>>>
> >>>>> -- This information is top security. When you have read it,
> >>>>> destroy yourself. -- Marshall McLuhan


--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan
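
The minute-of-hour selection asked for at the start of this thread (minutes 00-04, 10-14, ... for experiment one, 05-09, 15-19, ... for experiment two) can be made directly on the `tv_sec` field of each capture record, independent of the date. The following is an added example, not the attached Perl script or any Ethereal code; it assumes a classic pcap file, and the function names and the sample capture are constructed for illustration.

```python
import struct

MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}  # classic pcap only

def records(data):
    """Yield (tv_sec, raw_record_bytes) for each complete record in a pcap."""
    endian = MAGIC.get(data[:4])
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    pos = 24                                    # skip the 24-byte global header
    while pos + 16 <= len(data):
        tv_sec, _usec, incl_len, _orig = struct.unpack_from(endian + "IIII", data, pos)
        end = pos + 16 + incl_len
        if end > len(data):                     # truncated final record: stop here
            break
        yield tv_sec, data[pos:end]
        pos = end

def split_by_experiment(data, window=300):
    """Return (exp1, exp2) as two complete pcap byte strings.

    A record's slot is its 5-minute window within the hour; even slots
    (00-04, 10-14, ...) go to experiment one, odd slots to experiment two.
    tv_sec is UTC, so this matches local wall-clock minutes only where the
    local offset from UTC is a whole number of hours.
    """
    out = [bytearray(data[:24]), bytearray(data[:24])]  # copy the global header
    for tv_sec, raw in records(data):
        slot = (tv_sec % 3600) // window
        out[slot % 2] += raw
    return bytes(out[0]), bytes(out[1])

def record_times(data):
    return [t for t, _ in records(data)]

def make_pcap(times, payload=b"\x00" * 4):
    """Build a small little-endian pcap (constructed sample data)."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(
        struct.pack("<IIII", t, 0, len(payload), len(payload)) + payload for t in times)

BASE = 1142294400  # constructed: 2006-03-14 00:00:00 UTC
# Constructed capture spanning two days: minutes 00, 04:59, 05, 09:59, 10, 1h55, day+1 00:20
SAMPLE = make_pcap([BASE, BASE + 299, BASE + 300, BASE + 599, BASE + 600,
                    BASE + 3600 + 3300, BASE + 86400 + 1200])

if __name__ == "__main__":
    exp1, exp2 = split_by_experiment(SAMPLE)
    print(len(record_times(exp1)), "records in experiment one,",
          len(record_times(exp2)), "in experiment two")
```
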