Wireshark · Wireshark-users: [Wireshark-users] Specifying a date range in editcap

["Andrew Chalk" <achalk@xxxxxxxxxxxxxxxxxxxxxx>]

I want to include only a time range of records in a new file created with editcap. If I use the following command line:

 

editcap -r -A 2007:12:06 15:00:00 -B  2007-12-06 16:00:00 Infile.cap Outfile.cap

 

I get the error message:

editcap: "2007:12:06" isn't a valid time format

 

Could someone tell me the correct time format? The one I am using conforms to the ‘-h’ specification.

 

This is Editcap 0.99.6a (SVN Rev 22276).

 

Many thanks!