Wireshark · Ethereal-users: RE: [Ethereal-users] How to find the traffic for specific date ?

Ethereal-users: RE: [Ethereal-users] How to find the traffic for specific date ?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Francisco Alcoba (TS/EEM)" <francisco.alcoba@xxxxxxxxxxxx>

Date: Tue, 15 Mar 2005 08:29:05 +0100

> I have capture the traffic for a week.
> now, i would like to check the traffic for certain date and 
> time range...
> how can i make it ?
> seems the display filter cannot let me do in this way....
> 
> can you kindly telling me how ?

Hi,

The filter you'll need is frame.time. You can do something like:

  frame.time > "Nov  6, 2003 12:10:26.930132000"

The problem there is that the comparison is made on strings, so 
"Nov  14" will be seen as before "Nov  6". What you can do, then, is to 
look at a packet for the beginning date you want, and check its 
"Time since reference or first frame". Then do the same for the last 
one, and then use 

  (frame.time_relative > xxxxx) && (frame.time_relative < yyyyy)

The field is in seconds, so you really don't need to look for the frames,
you can make the calculations. One week is 604800 seconds, so

  frame.time_relative < 604800

gives you the packets in the first week of capture.

Best regards,

  Francisco

Prev by Date: [Ethereal-users] Installing Ethereal on Solaris Problem
Next by Date: Re: [Ethereal-users] Can't open ethereal's preferences window in Windows
Previous by thread: [Ethereal-users] How to find the traffic for specific date ?
Next by thread: [Ethereal-users] Error decoding tagged Radius attributes
Index(es):
- Date
- Thread