Wireshark · Wireshark-dev: Re: [Wireshark-dev] editcap -B

Wireshark-dev: Re: [Wireshark-dev] editcap -B

From: Stephen Fisher <steve@xxxxxxxxxxxxxxxxxx>

Date: Fri, 12 Nov 2010 10:08:41 -0700

On Fri, Nov 12, 2010 at 03:03:17PM +0100, Sake Blok wrote:

> I would expect '-A "2010-11-08 20:00:00" -B "2010-11-09 00:00:00"' to 
> mean: All packets with a timestamp starting at "2010-11-08 20:00:00" 
> and *before* "2010-11-09 00:00:00".
> 
> Does anyone object to me changing (correcting) the current behavior of 
> "-B" to what I would have expected?

This matches what the help output (editcap -h) explains on the right 
side, although the term "stop time" is ambigious:

  -A <start time>        don't output packets whose timestamp is before the
                         given time (format as YYYY-MM-DD hh:mm:ss).
  -B <stop time>         don't output packets whose timestamp is after the
                         given time (format as YYYY-MM-DD hh:mm:ss).

Thinking of it as letting Wireshark run while you're watching the time, 
when you see it reach the stop time, then you would stop the capture 
part way through that section, depending on your reaction time.  So 
correcting it as you describe sounds fine to me, just make sure to 
update the help text.

Follow-Ups:
- Re: [Wireshark-dev] editcap -B
  - From: Sake Blok

References:
- [Wireshark-dev] editcap -B
  - From: Sake Blok

Prev by Date: [Wireshark-dev] buildbot failure in Wireshark (development) on Windows-7-x64
Next by Date: [Wireshark-dev] buildbot failure in Wireshark (development) on OSX-10.5-x86
Previous by thread: [Wireshark-dev] editcap -B
Next by thread: Re: [Wireshark-dev] editcap -B
Index(es):
- Date
- Thread