Wireshark

  • Riverbed Technology
  • WinPcap
the world's foremost network protocol analyzer
  • Wireshark
    • About
    • Download
    • Blog
  • Get Help
    • Ask a Question
    • FAQs
    • Documentation
    • Mailing Lists
    • Online Tools
    • Wiki
    • Bug Tracker
  • Develop
    • Get Involved
    • Developer's Guide
    • Browse the Code
    • Latest Builds

Wireshark-users: Re: [Wireshark-users] How to filter out last 1000 frames in a quick way

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next


From: Hansang Bae <hbae@xxxxxxxxxx>
Date: Sat, 05 Jul 2008 23:11:33 -0400

Bin Zhou wrote:
Sometime, I capture a big size of file, but I may need to do voip calls analysis for a snapshot. For example, it is good enough for me to see flows of last one thousand packets. If there is a quick way to filter out last 1000 frames without going to the frame or packet detail level, it will be very helpful. 
Thanks for your help in advance.
The only thing you could try would be to use "editcap -c xxx" to specify how many packets you want per trace file (where xxx = how many packets you want)
Or you could try -A option to specify when you want to start seeing the "interesting" packets. 

--

Thanks,
Hansang
  • Follow-Ups:
    • Re: [Wireshark-users] How to filter out last 1000 frames in a quick way
      • From: Abhik Sarkar
  • Prev by Date: Re: [Wireshark-users] add random packet lost
  • Next by Date: Re: [Wireshark-users] BPDU packets
  • Previous by thread: Re: [Wireshark-users] add random packet lost
  • Next by thread: Re: [Wireshark-users] How to filter out last 1000 frames in a quick way
  • Index(es):
    • Date
    • Thread

Wireshark and the "fin" logo are registered trademarks of the Wireshark Foundation