Re: [Wireshark-dev] Multiple input files

2013-09-05 Thread Christopher Maynard
writes: > You could use a batch script to do what you want, like >        for %%a IN (*.pcap) DO tshark.exe -r "%%a" -R "dns.qry.name contains google" -w "filtered_%%a" >        mergecap -a -w all-google-queries.pcap filtered*.pcap Great idea Jasper! I was thinking the same thing, only that

Re: [Wireshark-dev] Multiple input files

2013-09-05 Thread jasper . sharklists
Hi Dario, Thursday, September 5, 2013, 3:54:51 PM, you wrote: On Thu, Sep 5, 2013 at 3:30 PM, Evan Huus wrote: mergecap -w - in1.pcap in2.pcap in3.pcap | tshark -i - -Y "dns.qry.name contains google" -o google.pcap  mergec

Re: [Wireshark-dev] [Wireshark-commits] rev 51742: /trunk/epan/dissectors/ /trunk/epan/dissectors/: packet-eth.c packet-ieee80211.c

2013-09-05 Thread Gilbert Ramirez
I'll take a look. Gilbert On Wed, Sep 4, 2013 at 8:04 AM, Maynard, Chris < christopher.mayn...@gtech.com> wrote: > Good ideas! > > I haven't dug too deeply into the display filter logic yet though, so if > someone more familiar with it than I am would like to implement it, then > please do. Th

Re: [Wireshark-dev] Multiple input files

2013-09-05 Thread Dario Lombardo
On Thu, Sep 5, 2013 at 3:30 PM, Evan Huus wrote: > > mergecap -w - in1.pcap in2.pcap in3.pcap | tshark -i - -Y "dns.qry.name > contains > google" -o google.pcap > mergecap would be certainly an option, if the merged file is not too big to be given to tshark. I have 10 file, 1G each. If I merge

Re: [Wireshark-dev] Multiple input files

2013-09-05 Thread Christopher Maynard
Evan Huus writes: > You can even (I think) pipe from mergecap to tshark as follows: > > > mergecap -w - in1.pcap in2.pcap in3.pcap | tshark -Y "dns.qry.name contains google" -o google.pcap Just a slight correction on the tshark command-line options needed (note the "-i -"): mergecap -w - in1.

Re: [Wireshark-dev] Multiple input files

2013-09-05 Thread Christopher Maynard
Dario Lombardo writes: > Hi list I was trying to change the code of tshark to support multiple -r switches. The aim is to have many input files and one output file. Before getting mad in changing it, I was wondering if it makes sense or not, and if it was addressed before in some way. > > An exam

Re: [Wireshark-dev] Multiple input files

2013-09-05 Thread Evan Huus
On Thu, Sep 5, 2013 at 9:26 AM, Evan Huus wrote: > On Thu, Sep 5, 2013 at 9:19 AM, Dario Lombardo < > dario.lombardo...@gmail.com> wrote: > >> Hi list >> I was trying to change the code of tshark to support multiple -r >> switches. The aim is to have many input files and one output file. Before >

Re: [Wireshark-dev] Multiple input files

2013-09-05 Thread Evan Huus
On Thu, Sep 5, 2013 at 9:19 AM, Dario Lombardo wrote: > Hi list > I was trying to change the code of tshark to support multiple -r switches. > The aim is to have many input files and one output file. Before getting mad > in changing it, I was wondering if it makes sense or not, and if it was > add

[Wireshark-dev] Multiple input files

2013-09-05 Thread Dario Lombardo
Hi list I was trying to change the code of tshark to support multiple -r switches. The aim is to have many input files and one output file. Before getting mad in changing it, I was wondering if it makes sense or not, and if it was addressed before in some way. An example of use of it: tshark -r i

Re: [Wireshark-dev] [Wireshark-commits] rev 51780: /trunk/ /trunk/asn1/atn-cm/: packet-atn-cm-template.c /trunk/asn1/atn-cpdlc/: packet-atn-cpdlc-template.c /trunk/asn1/atn-ulcs/: atn-ulcs.cnf packet-

2013-09-05 Thread Evan Huus
On Thu, Sep 5, 2013 at 8:25 AM, Joerg Mayer wrote: > On Thu, Sep 05, 2013 at 12:13:02PM +, eapa...@wireshark.org wrote: > > http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=51780 > > > > User: eapache > > Date: 2013/09/05 05:13 AM > > > > Log: > > Convert atn-* dissectors to

Re: [Wireshark-dev] [Wireshark-commits] rev 51780: /trunk/ /trunk/asn1/atn-cm/: packet-atn-cm-template.c /trunk/asn1/atn-cpdlc/: packet-atn-cpdlc-template.c /trunk/asn1/atn-ulcs/: atn-ulcs.cnf packet-

2013-09-05 Thread Joerg Mayer
On Thu, Sep 05, 2013 at 12:13:02PM +, eapa...@wireshark.org wrote: > http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=51780 > > User: eapache > Date: 2013/09/05 05:13 AM > > Log: > Convert atn-* dissectors to wmem. No emem in new code please! How about changing checkapi acco

Re: [Wireshark-dev] [Wireshark-commits] rev 51775: /trunk/tools/ /trunk/tools/: asn2wrs.py

2013-09-05 Thread Stig Bjørlykke
Issues should be fixed in revision 51776. -- Stig Bjørlykke

Re: [Wireshark-dev] [Wireshark-commits] rev 51775: /trunk/tools/ /trunk/tools/: asn2wrs.py

2013-09-05 Thread Joerg Mayer
On Thu, Sep 05, 2013 at 10:01:51AM +0200, Stig Bjørlykke wrote: > On Thu, Sep 5, 2013 at 9:38 AM, wrote: > > > Adapt generated output to always print paths relative to > > the asn1// subdir. This makes cmake generated builds > > look identical to autotools generated builds. > > > > 1. You are

Re: [Wireshark-dev] [Wireshark-commits] rev 51775: /trunk/tools/ /trunk/tools/: asn2wrs.py

2013-09-05 Thread Stig Bjørlykke
On Thu, Sep 5, 2013 at 9:38 AM, wrote: > Adapt generated output to always print paths relative to > the asn1// subdir. This makes cmake generated builds > look identical to autotools generated builds. > 1. You are using TAB as indent, which does not always work very well. 2. I get this diff