I wish to do some post-capture processing of some LAN traffic in order to determine the cause of some problems experienced. I would like to add in some logic along the lines of:
IF Packet n field 2 - Packet n field 1 >= y
THEN filter packet
ELSE discard packet from filter
1. Is this easily possible using filters via the Sniffer application, OR should I use a batch-type process with scripting (Perl, VB etc.) to process the capture files?
2. Where can I get a breakdown of the .Cap file format sufficient to determine the Layer 2 frame and Layer 3 length fields?
Regards
Snoffer