From: On Behalf Of Jeff Morriss > What about: > > - split the files into 1000 smaller files > - use a (decent) shell with tshark to process those files with tshark > > The latter could be achieved in a Korn style shell with > something like: > > (for f in *.eth > do > tshark -r $f -w - -R "tcp.port=50000" > done) > only-infrequent.eth > > That would work on Unix though I'm not sure about Windoze > (IIRC in the > past there have been issues with reading/writing stdin/stdout > on that OS > though maybe they're all fixed).
I did consider a shell script. My point in posting was two-fold: to find out if I'd missed the blindly obvious, and to point out that this either needs to exist or needs better documentation depending on the result of the first point. I feel this functionality is intuitive, expected of the toolset, and violates least-surpise that it doesn't exist. I shouldn't have to rely on a shell script. In fact, if editcap was expanded to handle the general -R/-f flags of the other tools, this functionality would exist. Thanks for the suggestion though, this is likely what I'll end up doing. I don't think the documentation mentions '-' is supported for -w. ..Stu _______________________________________________ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users
