The UNIX and Linux Forums  

Go Back   The UNIX and Linux Forums > Special Forums > IP Networking
Reload this Page Filter wireshark output
.
google unix.com

Forums Register Forum RulesLinksAlbums FAQ Members List Calendar Search Today's Posts Mark Forums Read



Thread: Filter wireshark output
View Single Post in the UNIX and Linux Forums - Click on the Thread or Permalink to View Entire Thread -->
  #1 (permalink)  
Old 06-05-2009
Dedalus Dedalus is offline
Registered User
  
 

Join Date: May 2009
Location: Italy/France
Posts: 60
Filter wireshark output
Hi

I have a wireshark file saved (from my network) and I have to analyze the flows inside it.
The problem is that i have to analyze not the complete file (60.000 pkts!) but just a subset of it.
In other words i have to sample the wireshark.file.dump and for example from 60.000 pkts take randomly just 6.000 pkts.
Wireshark allows you to select or mark same pkts but by hand!!!! (very long time)
Is there any filter to build in order to take randomly just a part of the complete file?
Or is there any other tool that can analize libpcap file and take a subset?

thx in advance

Dedalus