Wireshark · Wireshark-users: Re: [Wireshark-users] Specifying a date range in editcap

Wireshark-users: Re: [Wireshark-users] Specifying a date range in editcap

From: "Jeroen Eeuwes" <jeroeneeuwes@xxxxxxxxx>

Date: Fri, 28 Dec 2007 11:00:43 +0100

Hi Andrew,

> No luck. Same result.

>From another message I gathered you use Microsoft Windows; I tried
under Linux (but not careful enough).

Anyway, the syntax with quotes works both under Linux and under
Microsoft Windows. At least with my "Editcap 0.99.7 (SVN Rev 23910)"
and XP Pro SP2.

Howver you should not use the -r parameter as this one does not work
with -A and -B. You'll get empty files back. So if you want to exclude
a time range you have to create two files and then merge them back
together.

E.g. this works on both my home computer (Linux) and work computer
(Microsoft Windows):

editcap -A "2007-11-05 17:00:00" -B "2007-11-05 18:00:00" in.pcap out.pcap

Best regards,
Jeroen

References:
- Re: [Wireshark-users] Specifying a date range in editcap
  - From: Andrew Chalk
- Re: [Wireshark-users] Specifying a date range in editcap
  - From: Jeroen Eeuwes
- Re: [Wireshark-users] Specifying a date range in editcap
  - From: Andrew Chalk

Prev by Date: Re: [Wireshark-users] TSHARK.EXE command line requirements with Filter are impossible in Windows. And (How to specify the Date Timestamp in an acceptable format.)
Next by Date: Re: [Wireshark-users] TSHARK.EXE command line requirements with Filter are impossible in Windows. And (How to specify the Date Timestamp in an acceptable format.)
Previous by thread: Re: [Wireshark-users] TSHARK.EXE command line requirements with Filter are impossible in Windows. And (How to specify the Date Timestamp in an acceptable format.)
Next by thread: [Wireshark-users] when make packet-ansi_map-template.c file, failed
Index(es):
- Date
- Thread