Wireshark · Ethereal-users: Re: [Ethereal-users] Hacking out data

Ethereal-users: Re: [Ethereal-users] Hacking out data

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Guy Harris" <gharris@xxxxxxxxx>

Date: Mon, 2 Aug 2004 19:55:49 -0700 (PDT)

Steve Abrahall said:
> My question is
> What would I do to to strip out just the icmp packets from my 180 MB
> file?

    tethereal -r 180_mb_capture_file -R icmp

or just

    tethereal -r 180_mb_capture_file icmp

> Have been trying things like
>
> tethereal-r 180_mb_capture_file -f icmp

"-f" specifies a capture filter; those aren't supported when reading a
capture file (not all link-layer types we support when reading from
capture files are supported by libpcap's filtering engine, which is what's
used for capture filters).  You have to use a read filter when reading a
capture file.

References:
- [Ethereal-users] Hacking out data
  - From: Steve Abrahall

Prev by Date: [Ethereal-users] Hacking out data
Next by Date: [Ethereal-users] dealing with many files
Previous by thread: [Ethereal-users] Hacking out data
Next by thread: [Ethereal-users] dealing with many files
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$