Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Filtering pcap files
Top Forums UNIX for Dummies Questions & Answers Filtering pcap files Post 302207362 by hershey101 on Thursday 19th of June 2008 04:45:36 PM
Old 06-19-2008
Filtering packets
Hi,
I am new at UNIX and programing in general and only have a basic knowledge of C++. I am helping out with some research at a college and was given the task to sort through captured packets via IP addresses. I was wondering if anyone could help me with writing a code which filters through pcap files by ip addresses and then records the timestamps. I know a few programs that do this type of thing such as WireShark but they take up too much memory when analyzing gigabytes of data and that is why I am looking to write a relatively simple code which just gets my task done and gathers data for me.
Edit/Delete Message
Last edited by hershey101; 06-19-2008 at 06:30 PM..
 

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Merging files with AWK filtering and counting lines

Hi there, I have a couple of files I need to merge. I can do a simple merge by concatenating them into one larger file. But then I need to filter the file to get a desired result. The output looks like this: TRNH 0000000010941 ORDH OADR OADR ORDL ENDT 1116399 000000003... (2 Replies)
Discussion started by: Meert
2 Replies

2. Programming

Filtering paquets with pcap.h

Hello everybody!! I am currently doing my intership and I need some tips for Pcap.h. I search some tips tp filter my paquets in a C program with the Pcap.h librairy. The onlys thing I have found is thaht I can filter low level protocol with their name like (tcp/udp..). But for the higher... (3 Replies)
Discussion started by: danathane
3 Replies

3. Programming

searching through pcap files

Hi, I am new at UNIX and programing in general and only have a basic knowledge of C++. I am helping out with some research at a college and was given the task to sort through captured packets via IP addresses. I was wondering if anyone could help me with writing a code which filters through pcap... (4 Replies)
Discussion started by: hershey101
4 Replies

4. Shell Programming and Scripting

Indexing or Filtering code- Pattern Search by comparing two files

So here is goes to the Gurus of shell programming......I have tried a lot of different ways and its a very challenging code to write but i am enjoying it as i troubleshoot and hopefully someone can provide me a better option....Thank you in advance for your time and support....Much appreciated... ... (12 Replies)
Discussion started by: aavam
12 Replies

5. Programming

Process multiple pcap files at once

Hi all, I'm writing a program using libpcap, and I have multiple pcap files in a folder that I want to capture. I currently have handle = pcap_open_offline("/data/traffic/pcap1.pcap", errbuf"); which works fine since pcap_open_offline() takes in a filename. However, I want to process... (0 Replies)
Discussion started by: lancer6238
0 Replies

6. Shell Programming and Scripting

Filtering multiple files with variables

Hi, I spend few hours already searching this forum, but cannot find the solution matching exactly my case. I have multiple log files, I need to filter them so I get info about certain event. So we have files: LOGA.txt LOGB.txt LOGC.txt LOGD.txt LOGE.txt 1. I need to grep lines in... (10 Replies)
Discussion started by: Vitoriung
10 Replies

7. Shell Programming and Scripting

Filtering the yesterdays date from log files via script.

hi All, I have this sample text file - access.log: Jan 18 21:34:29 root 209.151.232.70 Jan 18 21:34:40 root 209.151.232.70 Jan 18 21:34:43 root 209.151.232.70 Jan 18 21:34:56 root 209.151.232.70 Jan 18 21:35:10 root 209.151.232.70 Jan 18 21:35:23 root 209.151.232.70 Jan 18 21:36:04 root... (2 Replies)
Discussion started by: linuxgeek
2 Replies

8. Programming

need help with shell script filtering files and sort! newbie question?

Hi folks, I would like to get familiar with shell script programing. The first task is: write a shell script that: scans your home-folder + sub-directory for all txt-files that all users of your group are allowed to read and write then output these files sorted by date of last... (4 Replies)
Discussion started by: rollinator
4 Replies

9. Shell Programming and Scripting

Filtering files

Hi all, I have some files with different extensions. I want to list the files that doesnt end with particular extension for eg .txt. I want to list all files except .txt. How can I do the same? Thanks Ananth (2 Replies)
Discussion started by: Ananthdoss
2 Replies

10. Shell Programming and Scripting

Filtering files

Hi guys, I need your help. I have a big file with names and numbers in columns like this: Albumin1A713G 1 1 3 3 1 3 1 3 1 Albumin1TC1894 1 1 1 1 1 1 1 1 1 Albumin5G186T 1 1 1 1 1 1 1 1 1 AY388580_a 0 0 1 ... (21 Replies)
Discussion started by: alecapo
21 Replies

LEARN ABOUT NETBSD

pcap_compile

PCAP_COMPILE(3) 					     Library Functions Manual						   PCAP_COMPILE(3)

NAME

       pcap_compile - compile a filter expression

SYNOPSIS

       #include <pcap/pcap.h>

       int pcap_compile(pcap_t *p, struct bpf_program *fp,
	       const char *str, int optimize, bpf_u_int32 netmask);

DESCRIPTION

       pcap_compile()  is  used  to compile the string str into a filter program.  See pcap-filter(7) for the syntax of that string.  program is a
       pointer to a bpf_program struct and is filled in by pcap_compile().  optimize controls whether optimization on the resulting code  is  per-
       formed.	 netmask  specifies  the  IPv4	netmask of the network on which packets are being captured; it is used only when checking for IPv4
       broadcast addresses in the filter program.  If the netmask of the network on which packets are being captured isn't known to  the  program,
       or  if  packets	are  being  captured  on  the Linux "any" pseudo-interface that can capture on more than one network, a value of PCAP_NET-
       MASK_UNKNOWN can be supplied; tests for IPv4 broadcast addreses will fail to compile, but all other tests in the filter program will be OK.

RETURN VALUE

       pcap_compile() returns 0 on success and -1 on failure.  If -1 is returned, pcap_geterr() or pcap_perror() may be called with p as an  argu-
       ment to fetch or display the error text.

SEE ALSO

       pcap(3), pcap_setfilter(3), pcap_freecode(3), pcap_geterr(3), pcap-filter(7)

								   5 April 2008 						   PCAP_COMPILE(3)
All times are GMT -4. The time now is 09:37 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy