Ethereal-users: [Ethereal-users] Hacking out data

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Steve Abrahall <sa@xxxxxxxxxxxxxxxx>
Date: Tue, 3 Aug 2004 12:03:32 +1000
Ok
I have been running tethereal / ethereal on our network at night and it produces a 180 MB or more capture file. My old machine will open this but it is very very very slow and and sometimes dies on me. :( It's difficult to work with
I'm trying to pin down some strange behaviour thats icmp related and may be dns related 

My question is
What would I do to to strip out just the icmp packets from my 180 MB file? 

Have been trying things like

tethereal-r 180_mb_capture_file -f icmp

This seems to just display everything ignoring the filter

tethereal  -f icmp -r 180_mb_capture_file -f icmp

Also seems to just display everything ignoring the filter

Any help greatly appreciated

Thanks
Steve