IS it possible to create equations on wireshark filters

I'd like if it is possible to use wireshark filter to do equations. For example. If I have two fields with timestamps on a frame. Can I gete the difference between then, or add on to another? something like that? thanks in advance.

filter equation wireshark

asked 08 Aug '12, 05:41

higorsilvacomh
1●1●1●1
accept rate: 0%

One Answer:

oldest newest most voted

The filters are used to either:

Select if a frame from the selected interface(s) is written to the capture output sink. These are called capture filters.
Select if a frame from the capture file is displayed in the Wireshark GUI. These are called display filters.

In both these cases the filter expressions return a yes/no that indicates if the frame passes the filter and should be captured/displayed as appropriate and do not return any other useful value in that respect.

If you wish to calculate inter-frame differences you'll have to resort to a tap or scripting the output of tshark.

link

answered 08 Aug '12, 06:24

grahamb ♦
4.1k●2●15●64
accept rate: 15%

Your answer

toggle preview

community wiki

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

*italic* or _italic_
**bold** or __bold__
link:[text](http://url.com/ "Title")
image?![alt text](/path/img.jpg "Title")
numbered list: 1. Foo 2. Bar
to add a line break simply add two spaces to where you would like the new line to be.
basic HTML tags are also supported

learn more about Markdown

Tags:

wireshark ×468
filter ×128
equation ×1

Asked: 08 Aug '12, 05:41

Seen: 337 times

Last updated: 08 Aug '12, 06:24

IS it possible to create equations on wireshark filters

Follow this question

You have a trillion packets.

You need to see four of them.

Don't have Wireshark?

Related questions