I had some large NetMon files to work with the other day. I wanted to quickly check the start and end time for each trace but didn’t want to have to wait for NetMon 3.1 to load and parse them.
LogParser came to the rescue again:
>logparser -i:NETMON “SELECT MIN(DateTime) as Start, MAX(DateTime) as End from mytrace.cap”
2007-09-18 12:24:15.651 2007-09-18 14:49:50.651
Elements processed: 621788
Elements output: 1
Execution time: 100.50 seconds (00:01:40.50)
Still not instantaneous but faster than NetMon.
Times in a NetMon trace are in local time for the server they came from.