I guess it would be a better idea to take the data directly from the libpcap-file then?
On Thu, 16 Nov 2006 11:23:38 +0800, "Jeff Morriss" <[EMAIL PROTECTED]> said: > > Though that does rely on Wireshark/tshark's output not changing. (E.g., > if I currently match on FooBar and it changes to FooV2Bar because > someone added V3 support, my text processing just broke!) > > Jaap Keuter wrote: > > Hi, > > > > Sure, output as textfile, postprocess with [perl, awk, your favorite]. > > String together the strength of small powerful tools, instead of putting > > all in one. > > > > Thanx, > > Jaap > > > > On Mon, 13 Nov 2006, Sean WANG wrote: > > > >> Hi, > >> > >> I have a captured data file. How do I extract ONLY the info I am > >> interested for each packet? I want the output file contain only (Source > >> IP, Destination IP, Source Port, Destination Port, Protocol, Received > >> Time). > >> > >> Is there any command of Ethereal that I can use? Or do you have any > >> other suggestions? > >> Thx a lot. > >> > >> Regards, > >> Sean > >> > >> > > > > _______________________________________________ > > Wireshark-users mailing list > > [email protected] > > http://www.wireshark.org/mailman/listinfo/wireshark-users > > > _______________________________________________ > Wireshark-users mailing list > [email protected] > http://www.wireshark.org/mailman/listinfo/wireshark-users -- Hans Nilsson [EMAIL PROTECTED] -- http://www.fastmail.fm - Does exactly what it says on the tin _______________________________________________ Wireshark-users mailing list [email protected] http://www.wireshark.org/mailman/listinfo/wireshark-users
