Full Discussion: Filtering pcap files
UNIX for Dummies Questions & Answers: Filtering pcap files. Post 302208200 by hershey101 on Monday 23rd of June 2008 08:55:48 AM
Update:
I have heard of Wireshark; however, there are several problems with that program, since it takes up a lot of memory, which makes it impossible to analyze large pcap files (I will be working with files up to a few hundred gigabytes), and it becomes too tedious when I am trying to find patterns using hundreds of different IP addresses. I was thinking something more along the lines of using a separate text file for the IP addresses and somehow using the 'tcpdump -r myfile.pco -w out.pcap ip src "1.2.3.4"' command to make it so that it matches the IPs with the text file. Also, I am only interested in the time stamps and don't require the rest of the details of the packets, so it would be helpful if I wrote code which filters through the clutter and gives me only the time stamps.
Thank You
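The post asks for two things tcpdump alone does not give you: take the addresses from a separate text file, and emit only the timestamps. Below is an added example, written for this page and not code from the thread, that does both in Python. `build_bpf` turns the address list into a BPF expression you can hand to tcpdump, whose `-tt` flag prints the raw epoch timestamp as the first field of each output line; `matching_timestamps` is a small streaming pcap reader for the same job that needs no libpcap, reads one record at a time so memory use does not grow with the file, and handles both byte orders of the pcap header as well as the nanosecond-timestamp variant. It assumes a classic pcap file (not pcapng) with an Ethernet link layer and IPv4 traffic; the address-file format (one dotted-quad per line, `#` comments allowed) and `make_pcap`, which produces constructed sample captures for testing, are assumptions of this example rather than anything from the thread.

```python
# Added example (not from the thread): stream a classic Ethernet pcap and report
# timestamps of packets whose IPv4 src or dst is listed in a text file of IPs.
import io
import struct
from typing import Iterable, Iterator, Set, Tuple

PCAP_MAGIC_USEC = 0xA1B2C3D4   # microsecond timestamps
PCAP_MAGIC_NSEC = 0xA1B23C4D   # nanosecond timestamps (newer libpcap)
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_VLAN = 0x8100

def load_ips(lines: Iterable[str]) -> Set[str]:
    """Assumed list format: one dotted-quad per line, blanks and '#' comments ignored."""
    ips = set()
    for line in lines:
        line = line.split("#", 1)[0].strip()
        if line:
            ips.add(line)
    return ips

def build_bpf(ips: Iterable[str]) -> str:
    """BPF expression matching any listed address as src or dst, for
    tcpdump -n -tt -r big.pcap '<expr>' | cut -d' ' -f1  (timestamps only)."""
    return " or ".join("host %s" % ip for ip in sorted(set(ips)))

def iter_packets(fp) -> Iterator[Tuple[str, bytes]]:
    """Yield (timestamp string, link-layer frame) per record without buffering the file."""
    if isinstance(fp, (bytes, bytearray)):
        fp = io.BytesIO(fp)
    hdr = fp.read(24)
    if len(hdr) < 24:
        raise ValueError("truncated pcap global header")
    # The magic number is stored in the writer's byte order; try both.
    endian = "<"
    magic = struct.unpack("<I", hdr[:4])[0]
    if magic not in (PCAP_MAGIC_USEC, PCAP_MAGIC_NSEC):
        endian = ">"
        magic = struct.unpack(">I", hdr[:4])[0]
        if magic not in (PCAP_MAGIC_USEC, PCAP_MAGIC_NSEC):
            raise ValueError("not a classic pcap file (bad magic)")
    digits = 9 if magic == PCAP_MAGIC_NSEC else 6
    linktype = struct.unpack(endian + "I", hdr[20:24])[0]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("unsupported link type %d (Ethernet only)" % linktype)
    while True:
        rec = fp.read(16)
        if len(rec) < 16:
            return                       # clean EOF or a cut-off record header
        ts_sec, ts_frac, incl_len, _orig = struct.unpack(endian + "IIII", rec)
        frame = fp.read(incl_len)
        if len(frame) < incl_len:
            return                       # truncated capture: stop rather than mis-parse
        yield "%d.%0*d" % (ts_sec, digits, ts_frac), frame

def ipv4_addrs(frame: bytes):
    """(src, dst) of an IPv4 packet in an Ethernet frame (802.1Q-tagged or not), else None."""
    if len(frame) < 14:
        return None
    ethertype, off = struct.unpack("!H", frame[12:14])[0], 14
    if ethertype == ETHERTYPE_VLAN and len(frame) >= 18:
        ethertype, off = struct.unpack("!H", frame[16:18])[0], 18
    if ethertype != ETHERTYPE_IPV4 or len(frame) < off + 20 or frame[off] >> 4 != 4:
        return None
    ip = frame[off:off + 20]
    return (".".join(map(str, ip[12:16])), ".".join(map(str, ip[16:20])))

def matching_timestamps(fp, ips: Set[str]) -> Iterator[str]:
    """Timestamps of packets whose IPv4 src or dst is in the wanted set."""
    for ts, frame in iter_packets(fp):
        addrs = ipv4_addrs(frame)
        if addrs and (addrs[0] in ips or addrs[1] in ips):
            yield ts

def make_pcap(records, nsec=False, big_endian=False) -> bytes:
    """Constructed test data: (ts_sec, ts_frac, src, dst) tuples -> pcap bytes
    holding minimal IPv4-in-Ethernet frames with no payload."""
    e = ">" if big_endian else "<"
    magic = PCAP_MAGIC_NSEC if nsec else PCAP_MAGIC_USEC
    out = struct.pack(e + "IHHiIII", magic, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for ts_sec, ts_frac, src, dst in records:
        ip = bytes([0x45, 0, 0, 20, 0, 0, 0, 0, 64, 17, 0, 0])
        ip += bytes(int(o) for o in src.split(".")) + bytes(int(o) for o in dst.split("."))
        frame = b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4) + ip
        out += struct.pack(e + "IIII", ts_sec, ts_frac, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    import sys   # usage: python filter_pcap.py ips.txt capture.pcap > timestamps.txt
    with open(sys.argv[1]) as f:
        wanted = load_ips(f)
    with open(sys.argv[2], "rb") as pcap:
        for ts in matching_timestamps(pcap, wanted):
            print(ts)
```

Run as `python filter_pcap.py ips.txt capture.pcap > timestamps.txt`. If you would rather stay with tcpdump, feed it the expression from `build_bpf`, e.g. `tcpdump -n -tt -r capture.pcap 'host 1.2.3.4 or host 10.0.0.9' | cut -d' ' -f1`; `-n` avoids DNS lookups on every address and `-tt` prints seconds since the epoch, so the first field is exactly the timestamp. libpcap limits the size of a compiled filter program, so a list of thousands of hosts may need to be run in batches. Because the reader streams one record at a time and never sorts, a multi-hundred-gigabyte capture costs time but not memory.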
SC_WARTS2PCAP(1)                    BSD General Commands Manual                    SC_WARTS2PCAP(1)

NAME
     sc_warts2pcap -- write packets included in warts objects to a pcap file.

SYNOPSIS
     sc_warts2pcap [-o outfile] [-s sort] [file ...]

DESCRIPTION
     The sc_warts2pcap utility provides the ability to extract packets embedded in the tbit,
     sting, and sniff warts objects and write them to a pcap file, which can be read by tcpdump
     and wireshark. The options are as follows:

     -o outfile
             specifies the name of the output file. If no output file is specified, it will be
             written to the standard output, provided that it is not a tty.

     -s sort
             specifies how the pcap records (packets) are sorted before being written out. By
             default, no sorting is applied; the packets are grouped as they are in the warts
             file. If packet sorting is specified, the packets are written out in timestamp
             order. Note that this operation requires the packets to be read into memory to be
             sorted, so it will require a corresponding amount of memory to complete.

EXAMPLES
     The command:

           sc_warts2pcap -o output.pcap file1.warts file2.warts

     will read the packet objects from file1.warts, and then file2.warts, and write them to
     output.pcap.

     The command:

           gzcat file1.warts.gz | sc_warts2pcap -s packet >file1.pcap

     will read the contents of the uncompressed warts file supplied on stdin, sort the packets
     by their timestamp, and then write the output to file1.pcap.

SEE ALSO
     scamper(1), tcpdump(1)

AUTHORS
     sc_warts2pcap is written by Stephen Eichler and Matthew Luckie.

BSD                                    October 15, 2010                                    BSD
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.