 | 1 | initial version |
Unfortunately you can't use a regex on a date/time field and neither can you convert the date/time field to a string with "string(frame.time)" (which does work on other types of fields). I see no way to solve this with display filters. However, using tshark you may be able to solve this.
To get a list of all frame numbers that match the timeframe *:54:00 to *:55:59 you can use:
tshark -r <file> -T fields -e frame.number -e frame.time | grep "2019 .*:5[45]:" | cut -f 1 | xargs
Then you can feed this into a second tshark command to extract the packets:
tshark -r <file> -w <newfile -Y "$( tshark -r pbx.pcapng -T fields -e frame.number -e frame.time | grep "2019 .*:5[45]:" | cut -f 1 | xargs )"
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.