LogParser example – start and end time for a NetMon trace

I had some large NetMon files to work with the other day. I wanted to quickly check the start and end time for each trace but didn't want to have to wait for NetMon 3.1 to load and parse them.

LogParser came to the rescue again:

>logparser -i:NETMON "SELECT MIN(DateTime) as Start, MAX(DateTime) as End from mytrace.cap"
Start                   End
----------------------- -----------------------
2007-09-18 12:24:15.651 2007-09-18 14:49:50.651

Elements processed: 621788
Elements output:    1
Execution time:     100.50 seconds (00:01:40.50)

Still not instantaneous but faster than NetMon.

Times in a NetMon trace are in local time for the server they came from.



Skip to main content