read a file .pcap
 

I have a .pcap file but it is really in large size (1G).

I just need a part of this file which is choosen by time. For example, from 12:00:00 to 12:00:10. Is this possible?

Thank you.

Use the below command

wireshark (well.. tshark) can certainly do this easily, but tcpslice is written specifically for this purpose, so check that out.

I think the point is they don't want to have to load all the uninteresting data, not see what time the packets were. I certainly would not like the idea of loading a 1gb pcap file into wireshark.

Yes using grep.

Actually i need to use the information chosen in a new software to analyze the errors. I want to show these informations with GTK and then do the analyzation.
So maybe i can use wireshark like plug-in?

not sure what you mean by a plugin, but I would use tcpslice to hack out the interesting region of traffic to a new pcap file and then loads of 10mb or so into wireshark.

I am sorry i don't speak very well English and i don't know a thing about network.

So you mean i can generate a new file (10 seconds of the interesting region)with tcpslice and then juste analyze this file in my software?

yes, that *seems* to be exactly what you're after, no?

Yeah, I really need a file in small size but tcpslice is a linux commande, no?

what i want to realize is:
1. choose the 1G file
2. choose the time limit in a filter(something like the red words), click OK
hh : mm : ss to hh : mm : ss OK
3. show the text

I can not use the tcpslice commande in the console to generate the file.

you're asking on a linux forum about manipulating data created by a linux command and you expect us not to mention linux based solutions? :-)

tshark comes with wireshark on windows, I expect that's probably your best bet.

see this: http://www.wireshark.org/lists/wires.../msg00187.html for an example filter for a time range.

you are right, i find myself a little stupid. >_<
But thank you very much. It's really helpful.

Merci et je vous souhaite une très bonne journée.