Well, if it's easy enough to get, then why not?

But I suspect the correct answer (especially for stuff that relies 
heavily on the advanced dissection of Wireshark) is that text processing 
is the way to go, but you've got to be careful (and aware) when 
upgrading Wireshark versions.

Hans Nilsson wrote:
> I guess it would be a better idea to take the data directly from the
> libpcap-file then?
> 
> On Thu, 16 Nov 2006 11:23:38 +0800, "Jeff Morriss"
> <[EMAIL PROTECTED]> said:
>> Though that does rely on Wireshark/tshark's output not changing.  (E.g., 
>> if I currently match on FooBar and it changes to FooV2Bar because 
>> someone added V3 support, my text processing just broke!)
>>
>> Jaap Keuter wrote:
>>> Hi,
>>>
>>> Sure, output as textfile, postprocess with [perl, awk, your favorite].
>>> String together the strength of small powerful tools, instead of putting
>>> all in one.
>>>
>>> Thanx,
>>> Jaap
>>>
>>> On Mon, 13 Nov 2006, Sean WANG wrote:
>>>
>>>> Hi,
>>>>
>>>> I have a captured data file. How do I extract ONLY the info I am
>>>> interested in for each packet? I want the output file to contain only
>>>> (Source IP, Destination IP, Source Port, Destination Port, Protocol,
>>>> Received Time).
>>>>
>>>> Is there any command of Ethereal that I can use? Or do you have any
>>>> other suggestions?
>>>> Thx a lot.
>>>>
>>>> Regards,
>>>> Sean
>>>>
>>>>
>>> _______________________________________________
>>> Wireshark-users mailing list
>>> Wireshark-users@wireshark.org
>>> http://www.wireshark.org/mailman/listinfo/wireshark-users
>>>
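
Added example, not part of the original thread: one way to take the six requested fields straight from a libpcap file instead of matching on tshark's text output, so a change in dissector wording cannot break the extraction. It assumes a classic microsecond-resolution pcap file with Ethernet framing and reports only unfragmented IPv4 TCP/UDP packets; `extract_flows` and `sample_pcap` are hypothetical names, and the sample capture is constructed.

```python
import socket
import struct

PROTO_NAMES = {6: "TCP", 17: "UDP"}

def extract_flows(pcap_bytes):
    """Return (time, src_ip, dst_ip, src_port, dst_port, proto) per IPv4 TCP/UDP packet."""
    if len(pcap_bytes) < 24:
        raise ValueError("file is shorter than the libpcap global header")
    if pcap_bytes[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif pcap_bytes[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic (microsecond) libpcap file")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    rows, off = [], 24
    while off + 16 <= len(pcap_bytes):
        sec, usec, incl_len, _ = struct.unpack(endian + "IIII", pcap_bytes[off:off + 16])
        frame = pcap_bytes[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated record or not IPv4 (VLAN tags are not unwrapped)
        ihl, proto = (frame[14] & 0x0F) * 4, frame[23]
        fragment_offset = struct.unpack("!H", frame[20:22])[0] & 0x1FFF
        l4 = 14 + ihl
        if ihl < 20 or proto not in PROTO_NAMES or fragment_offset or len(frame) < l4 + 4:
            continue  # no readable TCP/UDP port fields in this frame
        sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
        rows.append(("%d.%06d" % (sec, usec), socket.inet_ntoa(frame[26:30]),
                     socket.inet_ntoa(frame[30:34]), sport, dport, PROTO_NAMES[proto]))
    return rows

def sample_pcap():
    """Constructed capture: one UDP packet plus one ARP frame that must be skipped."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.7"))
    udp = struct.pack("!HHHH", 5353, 53, 8, 0)
    frames = [b"\x00" * 12 + b"\x08\x00" + ip + udp, b"\x00" * 12 + b"\x08\x06" + b"\x00" * 28]
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1163647418 + i, 250000, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    for row in extract_flows(sample_pcap()):
        print("\t".join(str(field) for field in row))
```

To run it on a real capture, pass the file's bytes, read with `open(path, "rb").read()`, to `extract_flows`.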