Re: editcap -B

[Sake Blok <sake () euronet nl>]

On 12 nov 2010, at 18:08, Stephen Fisher wrote:

> On Fri, Nov 12, 2010 at 03:03:17PM +0100, Sake Blok wrote:
>
> > I would expect '-A "2010-11-08 20:00:00" -B "2010-11-09 00:00:00"' to 
> > mean: All packets with a timestamp starting at "2010-11-08 20:00:00" 
> > and *before* "2010-11-09 00:00:00".
> >
> > Does anyone object to me changing (correcting) the current behavior of 
> > "-B" to what I would have expected?
>
> This matches what the help output (editcap -h) explains on the right 
> side, although the term "stop time" is ambigious:
>
>  -A <start time>        don't output packets whose timestamp is before the
>                         given time (format as YYYY-MM-DD hh:mm:ss).
>  -B <stop time>         don't output packets whose timestamp is after the
>                         given time (format as YYYY-MM-DD hh:mm:ss).
>
> Thinking of it as letting Wireshark run while you're watching the time, 
> when you see it reach the stop time, then you would stop the capture 
> part way through that section, depending on your reaction time.  So 
> correcting it as you describe sounds fine to me, just make sure to 
> update the help text.

"fixed" in SVN 34913

New editcap -h:

  -A <start time>        only output packets whose timestamp is after (or equal
                         to) the given time (format as YYYY-MM-DD hh:mm:ss).
  -B <stop time>         only output packets whose timestamp is before the
                         given time (format as YYYY-MM-DD hh:mm:ss).

Cheers,


Sake

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe