Hi Everyone,
After more research I found that the tool to use is TShark.
Sorry for asking a redundant question.
Thanks,
John
On Jan 30, 2008 10:19 AM, J P <[EMAIL PROTECTED]> wrote:
> Hi,
>
> Is it possible to do the following using EDITCAP:
>
> Select packets based on:
> -Select IP Addres
Editcap does not know anything about what is in the frame; it is only
aware of the frame "metadata" (i.e. date, length, link type).
For editcap, frame data is just that: uninterpretable data.
tshark can do that:
$ tshark -r in_file.cap -w out_file.cap "ip.addr == 1.2.3.4 &&
udp.port > 3000 && udp
Hi,
Is it possible to do the following using EDITCAP:
Select packets based on:
-Select IP Address and Source Port
-Select IP Address and Destination Port
-As well as Start and End time of packets
Across Multiple Input Capture Files.
The capture files are 250 Mb in size and is very time consu
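
The reply in this thread points out that editcap sees only frame metadata, while selecting on address and port requires dissecting the frame as tshark does. The following Python code is an added example, not part of the original thread: it applies an `ip.addr == X && udp.port > N` style selection plus a time window across several capture images. It assumes classic little-endian pcap files with Ethernet/IPv4/UDP frames; all function names and the sample packets are constructed for illustration.

```python
import struct
from socket import inet_aton, inet_ntoa

def read_pcap(data):
    """Yield (timestamp, frame_bytes) from a classic little-endian pcap image."""
    if struct.unpack_from("<I", data, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap file")
    off = 24  # skip the 24-byte global header
    while off + 16 <= len(data):
        sec, usec, caplen, _wirelen = struct.unpack_from("<IIII", data, off)
        off += 16
        yield sec + usec / 1e6, data[off:off + caplen]  # metadata, opaque frame
        off += caplen

def udp_fields(frame):
    """Dissect Ethernet/IPv4/UDP; return (src, dst, sport, dport) or None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
        return None  # not IPv4, or IPv4 protocol is not UDP
    l4 = 14 + (frame[14] & 0x0F) * 4  # IHL gives the IPv4 header length
    if len(frame) < l4 + 4:
        return None
    sport, dport = struct.unpack_from("!HH", frame, l4)
    return inet_ntoa(frame[26:30]), inet_ntoa(frame[30:34]), sport, dport

def select(captures, ip, min_port, start, end):
    """Match ip as source or destination, either UDP port > min_port, in [start, end]."""
    hits = []
    for data in captures:  # several input files, one filter
        for ts, frame in read_pcap(data):
            f = udp_fields(frame)
            if f and start <= ts <= end and ip in f[:2] and max(f[2:]) > min_port:
                hits.append((ts,) + f)
    return hits

# --- constructed sample input (hypothetical packets, not from the thread) ---
def make_frame(src, dst, sport, dport):
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0, inet_aton(src), inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + struct.pack("!HHHH", sport, dport, 8, 0)

def make_pcap(packets):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, frame in packets:
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

SAMPLE = [make_pcap([(100, make_frame("1.2.3.4", "10.0.0.1", 4000, 53)),
                     (200, make_frame("5.6.7.8", "10.0.0.1", 4000, 53))]),
          make_pcap([(300, make_frame("10.0.0.1", "1.2.3.4", 53, 2000)),
                     (400, make_frame("10.0.0.1", "1.2.3.4", 53, 5000)),
                     (900, make_frame("1.2.3.4", "10.0.0.1", 4000, 53))])]
```

Calling `select(SAMPLE, "1.2.3.4", 3000, 50, 500)` keeps the packets at t=100 and t=400 and drops the wrong-address, low-port and out-of-window ones.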