Hi,
I work with log files that are created from multiple sources, and although
the timestamps are in good synchronisation, they are often written to the
log file slightly out of order (up to a few milliseconds).
editcap -S supports rewriting the timestamps to be in strict chronological
order
Hello Martin,
I've used mergecap to do this.
It's a bit of a hacky solution but I used to split the
original out-or-order packets out to separate 1 packet
trace files. I then used mergecap's default chronological
merging behavior to piece the sections back into a single
file. The problem with
I think I will write a separate wiretap console app (tonight, if I get
carried away).
My log files tend to be long (100s MB), so I don't think a script such as
yours would work well for me.
Ultimately it would be good to have this functionality in (probably)
editcap, and if there is demand, make
Bill Meier wrote:
On 9/15/2012 4:35 PM, Evan Huus wrote:
The obvious solution for now is to remove the comments that are
getting falsely picked up as function definitions, but the better fix
is to the make-dissector-reg scripts. Is it valid for there to be two
register functions in a file, or
On Sun, Sep 16, 2012 at 01:39:41PM -0700, Guy Harris wrote:
On Sep 16, 2012, at 12:49 AM, Joerg Mayer jma...@loplof.de wrote:
On Sat, Sep 15, 2012 at 03:44:59PM -0700, Guy Harris wrote:
My understanding of dissectors registering to port 0 was simply a method
for
allowing Decode As to
I searched and couldn't find anything on multiple expert infos.
What severity level is supposed to be shown in the 'expert' column
when there is more than one expert info in a packet?
This
An optional Expert Info Severity packet list column is available (since SVN
22387 → 0.99.7), that
On Sep 17, 2012, at 6:04 PM, Michael Lum michael@starsolutions.com wrote:
I searched and couldn't find anything on multiple expert infos.
What severity level is supposed to be shown in the 'expert' column
when there is more than one expert info in a packet?
Probably the highest
