This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

IS it possible to create equations on wireshark filters

0

I'd like if it is possible to use wireshark filter to do equations. For example. If I have two fields with timestamps on a frame. Can I gete the difference between then, or add on to another? something like that? thanks in advance.

asked 08 Aug '12, 05:41

higorsilvacomh's gravatar image

higorsilvacomh
1111
accept rate: 0%

One Answer:

0

The filters are used to either:

  1. Select if a frame from the selected interface(s) is written to the capture output sink. These are called capture filters.
  2. Select if a frame from the capture file is displayed in the Wireshark GUI. These are called display filters.

In both these cases the filter expressions return a yes/no that indicates if the frame passes the filter and should be captured/displayed as appropriate and do not return any other useful value in that respect.

If you wish to calculate inter-frame differences you'll have to resort to a tap or scripting the output of tshark.

answered 08 Aug '12, 06:24

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%