This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Searching the Info Field in 1k files

0

Hi guys,

I got a problem with the info field.

I need to search for log files which contain :"Retransmission" in the info field in about 1k logs.
However, i already know that the frame doesnt contain the information "Retransmission".

Do you guys know any workaround to filter the log-files with the info field : [Retransmission] in any part of the logfile?

if you need any more information pls let me know.
thanks in advance.

asked 03 Sep '15, 02:20

schmiddi's gravatar image

schmiddi
6113
accept rate: 0%


One Answer:

1

Nothing that can't be solved with a for loop :)

for file in *.pcap; do tshark -r $file -Y tcp.analysis.retransmission -w $file_ret.pcapng; done

answered 03 Sep '15, 08:10

Roland's gravatar image

Roland
7642415
accept rate: 13%

edited 03 Sep '15, 08:47

wow , thx! it worked.

(04 Sep '15, 01:03) schmiddi