On Wed, Jun 27, 2007 at 05:29:41PM +0900, Mitsuho Iizuka wrote: > Does anyone know how to drop 400 unwanted packets in a already > caputured snoop file to analyze with wireshark ? > > According to this list, editcap has a 100 limitation.
Actually, this has been raised to 500 in the latest SVN source code tree. > I would like to analyze LDAP packets file, which was already captured, > without specified src tcp.port(about 400 ports!). It seems Wireshark > does not have a feature to read display filter from file. You are correct. > I would like to write scripts as follows, > > (tcp.ports != 400 && tcp.ports !=401 && .... && tcp.ports = 800) > > of course, port number is not sequencial. Are the frame numbers sequential? Is there a pattern to the tcp port numbers that you want to include/exclude? Steve _______________________________________________ Wireshark-users mailing list [email protected] http://www.wireshark.org/mailman/listinfo/wireshark-users
