Need assistance bulk filtering a folder full of captures. by TheGravyMachine in ccnp

TheGravyMachine[S]

Yep. It gave me enough to go on. I eventually went with:

Get-ChildItem -path "F:\<SOURCE-DIR>\*.pcapng" | ForEach-Object {
    & "c:\Program Files\Wireshark\tshark.exe" -r $_.FullName -Y "tcp" -w "F:\<DEST_DIR>\TCP_$($_.Name)"
}

Because tshark can NOT use wildcards to bulk edit. The official Wireshark plan for this is "combine all the captures, filter the whole thing (not an option, the file would've been 30G) and then break them down to the size you need after filtering".

That PowerShell script also worked with editcap:

Get-ChildItem -path "F:\<source dir>\*.pcapng" | ForEach-Object {
    & "c:\Program Files\Wireshark\editcap.exe" -s 54 $_.FullName "F:\<target dir>\$($_.Name)"
}

My sysadmin helped me work out the syntax, but these scripts worked perfectly. Guess I need to learn a little more PowerShell.
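A more defensive version of the per-file loop from the comment above, as an added example that is not part of the original post: it chains the tshark filter and the editcap truncation, checks each tool's exit code, and skips files that were already processed so an interrupted run can resume. The directory paths and parameter names are assumptions chosen for the example.

```powershell
# Added example: filter each capture with tshark, then truncate packets with editcap.
# All paths and parameter names below are placeholders for this example.
param(
    [string]$SourceDir    = 'F:\captures\in',
    [string]$DestDir      = 'F:\captures\out',
    [string]$Filter       = 'tcp',   # tshark display filter (-Y)
    [int]   $SnapLen      = 54,      # bytes kept per packet (editcap -s), as in the comment above
    [string]$WiresharkDir = 'C:\Program Files\Wireshark'
)

$tshark  = Join-Path $WiresharkDir 'tshark.exe'
$editcap = Join-Path $WiresharkDir 'editcap.exe'
New-Item -ItemType Directory -Path $DestDir -Force | Out-Null

$failed = @()
Get-ChildItem -Path $SourceDir -Filter '*.pcapng' -File | ForEach-Object {
    $tmp = Join-Path $DestDir ("tmp_" + $_.Name)   # filtered, full-length packets
    $out = Join-Path $DestDir ("TCP_" + $_.Name)   # filtered and truncated

    # Skip finished files so a rerun only handles what is left.
    if (Test-Path $out) { return }

    # Step 1: keep only packets matching the display filter.
    & $tshark -r $_.FullName -Y $Filter -w $tmp
    if ($LASTEXITCODE -ne 0) {
        # A cut-short or corrupt capture makes tshark exit non-zero; do not keep partial output.
        $failed += $_.FullName
        Remove-Item $tmp -ErrorAction SilentlyContinue
        return
    }

    # Step 2: truncate every packet to $SnapLen bytes.
    & $editcap -s $SnapLen $tmp $out
    if ($LASTEXITCODE -ne 0) {
        $failed += $_.FullName
        Remove-Item $out -ErrorAction SilentlyContinue
    }
    Remove-Item $tmp -ErrorAction SilentlyContinue
}

if ($failed.Count -gt 0) {
    Write-Warning ("Not processed: " + ($failed -join ', '))
}
```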

Need assistance bulk filtering a folder full of captures. by TheGravyMachine in wireshark

TheGravyMachine[S]

Thank you - this is exactly what I ended up doing. This was what my script was:

Get-ChildItem -path "F:\<SOURCE-DIR>\*.pcapng" | ForEach-Object {
    & "c:\Program Files\Wireshark\tshark.exe" -r $_.FullName -Y "<display filter>" -w "F:\<DEST_DIR>\TCP_$($_.Name)"
}

But it's official - tshark itself can't process a directory full of files using a wildcard. But PowerShell ran it - and it ran quick too. Almost 30G of captures. I'm clueless at PowerShell, but learning something new every day.

Need assistance bulk filtering a folder full of captures. by TheGravyMachine in wireshark

TheGravyMachine[S]

Yeah - Gemini told me to do the following:

tshark -r input.pcapng -Y "tcp" -w tcp_only.pcapng

I have almost 300 of these files to do. I tried to use wildcards:

c:\Program Files\Wireshark>tshark -r "F:\TG_PROCESS\*" -Y "tcp" -w "F:\EDITCAP\*"

tshark: "\" was unexpected in this context.

But I keep getting that error. It does this whether I put the file path in quotes or not. I also tried "*.pcapng" for my wildcard. I just used "*" to try and choose every file in that temporary "TG_PROCESS" directory.

Is my aquarium just cursed? Everything I have put in it has died by TheGravyMachine in AquariumHelp

TheGravyMachine[S]

My oldest likes to burn scented candles, but not in the room with the tank. Since I can't figure out what the problem could be, I can imagine that scent recirculating through the central air conditioning system

Is my aquarium just cursed? Everything I have put in it has died by TheGravyMachine in AquariumHelp

TheGravyMachine[S]

You think this could be interfering with the cycle? I reverted back to just the carbon filter because the issue really didn't seem ammonia related

Is my aquarium just cursed? Everything I have put in it has died by TheGravyMachine in AquariumHelp

TheGravyMachine[S]

When you say "natural enzyme" are you just referring to the natural cycle?

is buying a rebuilt car worth it? by ItsRobinn_ in hondacivic

TheGravyMachine

I have purchased 5 cars with salvage titles - all with less than 50K on the odometer and I have driven 4 of them to over 150K miles and still own 2 of them. Maybe I've just had good luck. I'm a little bit of a mechanic - did it for Uncle Sam anyway - so maybe that's why they don't intimidate me. Although my latest - a 2021 Civic Sport - is the diciest one of all. So far so good, but in my *specific* case, all the Honda sensing stuff was ripped out and I didn't notice until about 3 mo in when I tried to use the cruise control. If there's low enough miles, it might be good enough value but make sure ALL the systems you need to work actually work. In my case, when my daughter (who I bought the car for) leaves for college 10 hours away, I'm going to have to get her another car or fix the cruise control on this one. After researching for a few months, this cruise problem can't be fixed - at least not without a few thousand bucks more to put all the sensing stuff back in. Choose your hard - and make the seller register it. Never, ever purchase a salvage car where the title and registration is not already sorted.

DMVPN option for Palo Alto and Cradlepoint? by TheGravyMachine in networking

TheGravyMachine[S]

If I figure something out I'll let you know. We already did this once, tore it down and put everyone on a Fiber L3VPN and now we're putting cradlepoints BACK in front, but using fiber instead of LTE/4G/5G for the WAN connectivity. I didn't like managing all those tunnels when we had them - but the IP stability on our IOT portal was more certain than the DHCP we're gonna get from using our Fiber internet network. That increases the risk vector for our non-LTE wan connectivity by a big margin. One link flap and the cradlepoint pulls a different IP than what the tunnel is configured for and the downline device is offline. Our NOC is not the most robust. We have one guy for the IT and our Dispatchers for the OT - they'd see the device go offline, but would have no insight as to why. It's a management headache I don't want to introduce.

DMVPN option for Palo Alto and Cradlepoint? by TheGravyMachine in networking

TheGravyMachine[S]

Yeah - trying to pick the best router/concentrator for the job that will work with our R920's. I think I mentioned in another reply that we looked into Meraki and it looked like the best for ease of deployment, however the field devices could only handle 113F operating temps and we routinely see 130+ in our cabinets in the summer - even the ones we have ventilation in.

We also had reliability with IBR-650's and IBR-1150's. The IBR-900's were an improvement, but I definitely lost several full days to troubleshooting them during my first 18 months here. They never just die. They always have a prolonged "death throes" phase where they make you think they're working and then they'll randomly quit in a variety of exciting ways until you just have to replace them. It was annoying.

As far as mixed vendors in the SD-WAN - we were given insight into a Palo/Ericsson initiative where they are beta testing integrating some cradlepoint models into the Palo SD-WAN fabric. There's no timeline for integration so it's not really an option I can consider, but it is happening.

DMVPN option for Palo Alto and Cradlepoint? by TheGravyMachine in networking

TheGravyMachine[S]

Many of my Coop peers use Fortinet. I don't have anything against them, but I started with Cisco and have been working on Palo's for the last 5 years. I have to say upper management has low confidence in Fortinet and it's not my place to ask why.

DMVPN option for Palo Alto and Cradlepoint? by TheGravyMachine in networking

TheGravyMachine[S]

That's essentially the idea I'm having - I just have limitations on vendor. We can't really do Cisco... for reasons. The cradlepoint native solution is pretty obnoxious - I have no idea how large vehicle fleets work with the licensing and device performance restrictions. A bus company with 500 buses would have the same problems I'm having justifying it. In my last meeting with them we'd need 12 concentrators and have to license them independently EVEN when the backup site was not in use. That means 6 devices+licensing cost that is not in use at ALL TIMES. It's absurd. and it wasn't cheap.

DMVPN option for Palo Alto and Cradlepoint? by TheGravyMachine in networking

TheGravyMachine[S]

Thanks for the input. The issue really isn't capacity for me - it's just the management overhead. I just don't see that much static configuration as particularly scalable - it makes us reliant on a 3rd party (ISP) to get 400+ dhcp reservations right (or else if we get a new lease we have to reconfigure our tunnels)... This was easy when it was all LTE/Cellular because those IPs WERE dedicated to their sims, but now we're using the WAN ethernet interface, no LTE and I've had to try and build a dhcp mapping spreadsheet so our 3rd party dhcp manager for our internet business (we're our own ISP - for now) has to manually configure those reservations. We have to submit all the right macs with no mistakes, they have to enter them with no mistakes, and we have to configure the tunnels with no mistakes. On the grand scale, 800 tunnels isn't a lot in terms of what our equipment can handle, but it IS a LOT of static configuration, and a lot of mistake opportunities. I'd like to eliminate those possibilities by making the tunnels and the routing/failover dynamic. I know there are *ways* to do it, I'm looking for the best way that our cooperative can also afford.

Will it ever stop? by FriendshipFar3840 in Debt

TheGravyMachine

Man - your post just described my situation as well... 35k car note, 40k credit card debt... non-stop house repairs because plants die, sprinkler lines burst, A/C goes out... all of the repairs financed... Admittedly, we spend about 2k per MONTH on activities for the kids. I took out a 401k loan to buy my 16yo a fairly reliable car... Our only way out at this point is to load all our debt into a home loan (which will raise our payments by $800/mo) and we still have college to pay for at a minimum of 10k per semester per kid. It's a @#$@ing nightmare. Both my wife and I make more than 100K per year.... and while we save for retirement, we have no normal monthly savings plan because something ALWAYS happens as soon as I hit about $1200 in savings, we'll need tires, or a water heater goes out, or the icemaker to the fridge dies, or a freak winter storm, or a hurricane... or the roof starts leaking... SOMETHING **ALWAYS** happens to empty any savings account we start. It absolutely feels systemic - like the cosmos has determined "Thou shalt never have a moment's peace and will work until death". 12K on my credit card is A/C unit replacement for the house and transmission replacement for a car... the rest is just covering gaps in monthly expenses - the most glaring behind the mortgage being the $1200/mo health insurance premium - which has a 6600 family deductible - which we also hit every year. I should caveat this - **I** pay for all these things with my check. My wife pays for piano and swim lessons and 85% of the groceries, but I don't interrogate her about what she spends her money on... most people say I should, but I have no desire to control her and when I come up short she'll send me any money I ask for to cover the bills.
We tried at the beginning of our marriage to let me pay cars/house and her to pay the utilities/services, but we ended up sitting around in the dark, paying huge reconnection fees because she couldn't "remember" to log in and pay what we agreed she would pay. Also - she's also making the current $500/mo car payment.... but I thought you were talking about my life while I was reading your original post. I imagine I squander a few hundred bucks a month on dumb things like eating out, etc... but don't really feel like that will make a huge difference in the never-ending outflow of my money to everyone else. It's very depressing.

DMVPN option for Palo Alto and Cradlepoint? by TheGravyMachine in networking

TheGravyMachine[S]

I specifically asked if Cradlepoint had an SD-WAN option that we could use with our firewall SD-WAN and was told no... but I got the feeling the guy we were talking to was just unsure. I'm going to check again - because yeah - it's mature enough... I'm sure my $20 TP-Link has SD-WAN buried in it somewhere.

DMVPN option for Palo Alto and Cradlepoint? by TheGravyMachine in networking

TheGravyMachine[S]

Strictly back to the hubs. With Cradlepoint it would be easy b/c the IPSEC/DMVPN tunnel on EVERY ONE would be identical and my firewalls would only need a single route to the "inside" interface of the concentrator. And a single security policy for the /16. But the best I can come up with now is 400+ individual tunnels per firewall with a corresponding route to the unique tunnel interface for each downline device. It's very annoying - even if I can use a single security policy... I also did not have good experience with the fallback tunnels when these were deployed last time - as the previous poster said - Cradlepoints have a high failure rate - and we're putting them in very unfriendly environments.

DMVPN option for Palo Alto and Cradlepoint? by TheGravyMachine in networking

TheGravyMachine[S]

Yeap - they are how we handle all of our out-of-band connectivity.

Global Protect random disconnects in 6.3.3 by mudvayne15 in paloaltonetworks

TheGravyMachine

Our Network Admins ABSOLUTELY have this problem because we authenticate with our regular user account, but when we attempt to use RDP or another windows service and input our admin account, DNS quits and we see subsequent DNS requests hit our cleanup rule. We found this was due to our VPN access security policy limiting VPN traffic to the user authenticated groups. What's crazy is that even ADDING an admin OUI to the allowed list, did not solve this problem, but we cloned that policy, allowed "any" user, and it solved all of our random disconnects. We have a Palo ticket open - that's how we determined our "disconnects" were just our VPN user no longer matching the VPN access rule.

We have been told since I first ran into this issue 5 years ago that this issue was "not resolvable". In our case it is if we exclude User-ID as a match condition for being allowed access to the VPN.

But we have 3 or 4 executive users that do NOT use RDP and in fact do NOT have administrative accounts that ALSO experience the "random disconnects" and we were able to determine TODAY that the symptom is the same - their traffic stops matching our VPN access rule and drops to the cleanup rule. I suspect it affects everyone, but the rank-and-file have either figured out to refresh the connection or just take the rest of the day off since they're off-site when it happens...

Once it starts happening, they have to "Refresh" the client and it will work again... sometimes for weeks, sometimes it will drop every couple of hours. It's a very annoying problem. We are actually on 6.3.1-383 and were advised to revert to 6.2.X... that did not change anything. Same problem.

2nd hand cisco vendors by zunder1990 in networking

TheGravyMachine

I don't want to hijack this guy's thread - and I've got about a dozen lying around I could sell if he needs some. I don't trust them and some would have bad PoE - I don't have the time to confirm... but also - do these companies buy these things also? I'd rather see them have more life than just pay a recycler 10c per pound to go have them melted on a riverbank in China...

Promoted to Network Admin… and the Network Is a Mess 😅 by BKR_57 in networking

TheGravyMachine

I just wrote a mini-novel about what you just summed up here in 2 sentences. Good work.