Wireshark mailing list archives
Re: editcap -B
From: Stephen Fisher <steve () stephen-fisher com>
Date: Fri, 12 Nov 2010 10:08:41 -0700
On Fri, Nov 12, 2010 at 03:03:17PM +0100, Sake Blok wrote:
I would expect '-A "2010-11-08 20:00:00" -B "2010-11-09 00:00:00"' to mean: All packets with a timestamp starting at "2010-11-08 20:00:00" and *before* "2010-11-09 00:00:00". Does anyone object to me changing (correcting) the current behavior of "-B" to what I would have expected?
This matches what the help output (editcap -h) explains on the right side, although the term "stop time" is ambigious: -A <start time> don't output packets whose timestamp is before the given time (format as YYYY-MM-DD hh:mm:ss). -B <stop time> don't output packets whose timestamp is after the given time (format as YYYY-MM-DD hh:mm:ss). Thinking of it as letting Wireshark run while you're watching the time, when you see it reach the stop time, then you would stop the capture part way through that section, depending on your reaction time. So correcting it as you describe sounds fine to me, just make sure to update the help text. ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- editcap -B Sake Blok (Nov 12)
- Re: editcap -B Stephen Fisher (Nov 12)
- Re: editcap -B Sake Blok (Nov 16)
- Re: editcap -B Stephen Fisher (Nov 12)