Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: how do I extract these packets with editcap

From: Marilo <narium85-mlscar () yahoo co uk>
Date: Sat, 7 Apr 2012 10:33:14 +0100 (BST)
well, then, i'll forget specifying by time, and this would do what I want
http://stackoverflow.com/questions/7146407/capinfos-precise-timestamp 
C:\sdf>capinfos -c thefileFile name:           thefileNumber of packets:   52
C:\sdf>tshark -r thefile -R "frame.number==1"  0.000000 2135 192.168.1.66 -> 192.168.1.65 TCP 66 1085 2135
C:\sdf>tshark -r thefile -R "frame.number==52"  5.080146 1085 192.168.1.65 -> 192.168.1.66 TCP 62 2138 1085
C:\sdf>tshark -r thefile -R "frame.number==0"
C:\sdf>tshark -r thefile -R "frame.number==53"  5.080902 2138 192.168.1.66 -> 192.168.1.65 TCP 240 1085 2138
C:\sdf>

--- On Fri, 6/4/12, Paula Dufour wrote:

From: Paula Dufour 
Subject: Re: [Wireshark-users] how do I extract these packets with editcap
To: wireshark-users   wireshark.org
Date: Friday, 6 April, 2012, 23:57

I believe you are trying to be too precise.  I think the time format only goes to the second. Paula Dufour


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: