Hi, Does anyone know how to drop 400 unwanted packets in a already caputured snoop file to analyze with wireshark ?
According to this list, editcap has a 100 limitation. I would like to analyze LDAP packets file, which was already captured, without specified src tcp.port(about 400 ports!). It seems Wireshark does not have a feature to read display filter from file. I would like to write scripts as follows, (tcp.ports != 400 && tcp.ports !=401 && .... && tcp.ports = 800) of course, port number is not sequencial. Thanks in advance Regards, // Mitsuho Iizuka // AP Server Grp., 2nd System Software Div., // System Software Opr.Unit, IT Platform Biz.Unit, NEC Corp. // Phone:+81-3-3456-4322 _______________________________________________ Wireshark-users mailing list [email protected] http://www.wireshark.org/mailman/listinfo/wireshark-users
