Wish I had a job where I'd get paid to learn and use
Wireshark.
John
--- Luis Ontanon <[EMAIL PROTECTED]> wrote:
> On 1/26/07, Seymour Dupa <[EMAIL PROTECTED]>
> wrote:
> > Can it be exported as text?
> Yes you could but either you lose most of the
> information having each
> packet in a single
On 1/26/07, Seymour Dupa <[EMAIL PROTECTED]> wrote:
> Can it be exported as text?
Yes you could but either you lose most of the information having each
packet in a single line or you have the whole tree and the data pane
that spans several lines where grep is not good anymore.
BTW to have it con
Can it be exported as text?
--- Stuart MacDonald <[EMAIL PROTECTED]> wrote:
> From: On Behalf Of Seymour Dupa
> > What about 'grep'?
>
> The capture is libpcap format. grep would need to
> understand network
> packets to be at all effective. This is not a simple
> line from a text
> file situatio
From: On Behalf Of Small, James
> I wonder if ngrep would work for you:
> http://ngrep.sourceforge.net/
Nifty! I bet it would, but the tcpdump solution earlier has worked for
me. Thanks though!
..Stu
___
Wireshark-users mailing list
Wireshark-users@wir
I wonder if ngrep would work for you:
http://ngrep.sourceforge.net/
There are binaries for most platforms including Linux and Windows.
Perhaps you could do something like this:
ngrep -I input.cap -O output.cap "regex"
I tried and it seems to work, although I only used a 20MB capture file.
--Jim
From: On Behalf Of Seymour Dupa
> What about 'grep'?
The capture is libpcap format. grep would need to understand network
packets to be at all effective. This is not a simple line from a text
file situation.
..Stu
What about 'grep'?
I used it a lot in my DOS days. I'm sure there is/are
Windows versions. It's quite powerful with many
wildcard characters and search patterns. It will do a
lot of filtering for you.
You may have to run it several times for the
different search parameters.
John
--- Guy Harri
From: On Behalf Of Guy Harris
> On Jan 25, 2007, at 8:23 PM, Stuart MacDonald wrote:
> > I've read the man pages on the tools that come with Wireshark. I was
> > hoping to find a tool that opens a capture, applies a filter and
> > outputs matching packets to a new file. Here's a sample run of the
>
From: Stuart MacDonald [mailto:[EMAIL PROTECTED]
> I don't think the documentation mentions '-' is supported for -w.
Cancel that, I just missed it last night. It was late.
..Stu
From: On Behalf Of Jeff Morriss
> What about:
>
> - split the files into 1000 smaller files
> - use a (decent) shell with tshark to process those files with tshark
>
> The latter could be achieved in a Korn style shell with
> something like:
>
> (for f in *.eth
> do
> tshark -r $f -w - -R