I've seen many posts on Ethereal-users as well as other exchanges across the net regarding filtering data in the info field after capturing data packets with Ethereal, so here is one solution that works:
1. Define any of your protocol filters and whatnot and apply the changes.
2. Change your display options to Date and Time of day

AIM Example:

1. Print to file (.txt extension) summary only
2. Import file to Excel -- clean up any erroneous column markers

   The fields that I generally have now are:

   No. -- General
   Date -- Text (You must add this field heading on your own -- will probably be field3 or time to start with -- move the Time over one column)
   Time -- Text
   Source -- General
   Destination -- General
   Protocol -- General
   Info -- General

3. Save Excel file
4. Open MS Access
5. Import the Excel file into a new table -- check to make sure that the date and time are displayed properly
6. Go to 'Queries'
7. Go to design view and choose SQL

Example Query:

    SELECT * FROM TableName WHERE Info LIKE "Messag*" ORDER BY Date, Time;

This will filter out any info fields not starting with Messag and then order everything by date and time.

Now that this query is set up you should see the AIM conversations in the correct order: Message From: -- Message To: in the correct order. Your data is now clearly viewable. Your options with the queries are virtually unlimited. I use ColdFusion to create a web-based keyword search interface that uses the data packet database. You could also apply the Google engine to speed up the search process for larger files.
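The same export-then-query workflow can be run without Excel or Access. The following is an added example, not part of the original post: it parses a summary-only text export into an in-memory SQLite table and runs the equivalent of the query above. The sample lines are constructed, and the column layout (No., Date, Time, Source, Destination, single-word Protocol, then Info) is an assumption about the export.

```python
import sqlite3

# Constructed sample of a "summary only" text export with the date and
# time-of-day display option; addresses and Info text are made up.
SAMPLE = """\
No. Date Time Source Destination Protocol Info
1 2003-11-05 14:02:11.120 192.0.2.10 198.51.100.7 TCP 1042 > 5190 [ACK] Seq=1 Ack=1
2 2003-11-05 14:02:13.480 192.0.2.10 198.51.100.7 AIM Message To: buddy_b
4 2003-11-05 14:02:09.900 198.51.100.7 192.0.2.10 AIM Message From: buddy_b
3 2003-11-05 14:02:20.015 198.51.100.7 192.0.2.10 AIM Keep Alive
not a packet line
"""

def parse_summary(text):
    """Yield (no, date, time, source, destination, protocol, info) rows."""
    for line in text.splitlines():
        parts = line.split(None, 6)  # Info keeps its internal spaces
        # Skip the header, blank lines and anything that is not a packet row.
        if len(parts) == 7 and parts[0].isdigit():
            yield (int(parts[0]), *parts[1:])

def load(text):
    """Create the packet table and fill it from the exported text."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE packets (no INTEGER, date TEXT, time TEXT, "
               "source TEXT, destination TEXT, protocol TEXT, info TEXT)")
    db.executemany("INSERT INTO packets VALUES (?,?,?,?,?,?,?)",
                   parse_summary(text))
    return db

def messages(db, prefix="Messag"):
    """Rows whose Info starts with prefix, ordered by date and time."""
    # Access writes the wildcard as *, SQLite (standard SQL) as %.
    # Escape LIKE metacharacters so the prefix itself is matched literally.
    esc = (prefix.replace("\\", "\\\\")
                 .replace("%", "\\%").replace("_", "\\_"))
    return db.execute(
        "SELECT date, time, source, destination, info FROM packets "
        "WHERE info LIKE ? ESCAPE '\\' ORDER BY date, time",
        (esc + "%",)).fetchall()

if __name__ == "__main__":
    for row in messages(load(SAMPLE)):
        print(*row)
```

Storing the date as YYYY-MM-DD text keeps the ORDER BY chronological without a date type, which is why the sample uses that form.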
