Wireshark-users: [Wireshark-users] how to drop 400 unwanted packets to analyze with wireshark ?
From: Mitsuho Iizuka <m-iizuka@xxxxxxxxxxxxx>
Date: Wed, 27 Jun 2007 17:29:41 +0900 (JST)
Hi,

Does anyone know how to drop 400 unwanted packets in an already
captured snoop file to analyze with Wireshark?

According to this list, editcap has a 100 limitation. I would like
to analyze an LDAP packet file, which was already captured, without
the specified src tcp.port (about 400 ports!). It seems Wireshark
does not have a feature to read a display filter from a file.

I would like to write scripts as follows,

(tcp.ports != 400 && tcp.ports !=401 && .... && tcp.ports = 800)

Of course, the port numbers are not sequential.

Thanks in advance

Regards,

// Mitsuho Iizuka
// AP Server Grp., 2nd System Software Div.,
// System Software Opr.Unit, IT Platform Biz.Unit, NEC Corp.
// Phone:+81-3-3456-4322
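
Added example (not part of the original message, and not code from the Wireshark project): one way to generate the long exclusion filter described above from a port list kept in a file, and to build a tshark command line that writes the remaining packets to a new capture. It assumes a current tshark where -Y takes the display filter; the file names and the port-list format (one port or lo-hi range per line, # comments) are hypothetical.

```python
import shlex

def parse_ports(text):
    """Parse a port list: one port or 'lo-hi' range per line, '#' starts a comment."""
    ports = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        lo, _, hi = line.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not (0 <= lo <= hi <= 65535):
            raise ValueError(f"bad port entry: {raw!r}")
        ports.update(range(lo, hi + 1))
    return sorted(ports)  # de-duplicated and ordered

def build_filter(ports):
    """Display filter that keeps packets whose TCP source port is NOT in ports."""
    if not ports:
        raise ValueError("empty port list")
    # Negate the whole OR group rather than chaining '!=' tests.
    clauses = " || ".join(f"tcp.srcport == {p}" for p in ports)
    return f"!({clauses})"

def tshark_command(infile, outfile, ports):
    """argv for tshark: read infile, apply the filter, write matches to outfile."""
    return ["tshark", "-r", infile, "-Y", build_filter(ports), "-w", outfile]

if __name__ == "__main__":
    # Constructed sample list standing in for the ~400 non-sequential ports.
    sample = "400\n401   # test client\n517\n620-622\n800\n"
    argv = tshark_command("ldap.snoop", "ldap-filtered.pcap", parse_ports(sample))
    print(shlex.join(argv))  # paste into a shell, or pass argv to subprocess.run
```

The filtered output file can then be opened in Wireshark as usual.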