06-23-2008
Update:
I have heard of Wireshark; however, there are several problems with that program, since it takes up a lot of memory, which makes it impossible to analyze large pcap files (I will be working with files up to a few hundred gigabytes), and it becomes too tedious when I am trying to find patterns using hundreds of different IP addresses. I was thinking something more along the lines of using a separate text file for the IP addresses and somehow using the 'tcpdump -r myfile.pco -w out.pcap ip src "1.2.3.4"' command so that it matches the IPs against the text file. Also, I am only interested in the time stamps and don't require the rest of the details of the packets, so it would be helpful if I wrote code which filters through the clutter and gives me only the time stamps.
Thank You
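One way to do what the post above describes, as an added example that is not part of the original post: stream the capture one record at a time, keep only packets whose IPv4 source is in a list read from a text file, and emit just the time stamps. The names `load_ips`, `timestamps` and `sample_capture` are hypothetical, the sample capture is constructed in memory, and the reader assumes a classic microsecond pcap file (not pcapng) with untagged Ethernet framing.

```python
import io
import ipaddress
import struct

def load_ips(lines):
    """One IPv4 address per line; blank lines and '#' comments are skipped."""
    cleaned = (line.strip() for line in lines)
    return {ipaddress.IPv4Address(s).packed for s in cleaned if s and not s.startswith("#")}

def timestamps(stream, wanted):
    """Yield (sec, usec, src_ip) per matching packet; memory use stays constant."""
    header = stream.read(24)
    if header[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"            # written on a little-endian host
    elif header[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic microsecond-resolution pcap file")
    if struct.unpack(endian + "I", header[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) captures are handled")
    while True:
        record = stream.read(16)
        if len(record) < 16:
            return
        sec, usec, caplen, _origlen = struct.unpack(endian + "IIII", record)
        data = stream.read(caplen)
        if len(data) < caplen:
            return              # truncated final record
        # Untagged Ethernet: EtherType at bytes 12-13, IPv4 source at 26-29.
        if len(data) >= 30 and data[12:14] == b"\x08\x00" and data[26:30] in wanted:
            yield sec, usec, str(ipaddress.IPv4Address(data[26:30]))

def sample_capture():
    """Constructed three-packet capture (sources 1.2.3.4, 10.0.0.9, 5.6.7.8)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    packets = [(1214200000, 100, "1.2.3.4"), (1214200001, 200, "10.0.0.9"),
               (1214200002, 300, "5.6.7.8")]
    for sec, usec, src in packets:
        ip = (b"\x45\x00\x00\x14" + bytes(4) + b"\x40\x06\x00\x00"
              + ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address("192.0.2.1").packed)
        frame = bytes(12) + b"\x08\x00" + ip
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    wanted = load_ips(["1.2.3.4", "# constructed list", "5.6.7.8"])
    for sec, usec, src in timestamps(io.BytesIO(sample_capture()), wanted):
        print(f"{sec}.{usec:06d} {src}")
```

For a real capture, pass `open(path, "rb")` as the stream and an open text file of addresses to `load_ips`; the set lookup costs the same for hundreds of addresses as for one.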
PCAP_SETDIRECTION(3) Library Functions Manual PCAP_SETDIRECTION(3)
NAME
pcap_setdirection - set the direction for which packets will be captured
SYNOPSIS
#include <pcap/pcap.h>
int pcap_setdirection(pcap_t *p, pcap_direction_t d);
DESCRIPTION
pcap_setdirection() is used to specify a direction that packets will be captured. d is one of the constants PCAP_D_IN, PCAP_D_OUT or
PCAP_D_INOUT. PCAP_D_IN will only capture packets received by the device, PCAP_D_OUT will only capture packets sent by the device and
PCAP_D_INOUT will capture packets received by or sent by the device. PCAP_D_INOUT is the default setting if this function is not called.
pcap_setdirection() isn't necessarily fully supported on all platforms; some platforms might return an error for all values, and some other
platforms might not support PCAP_D_OUT.
This operation is not supported if a ``savefile'' is being read.
RETURN VALUE
pcap_setdirection() returns 0 on success and -1 on failure. If -1 is returned, pcap_geterr() or pcap_perror() may be called with p as an
argument to fetch or display the error text.
SEE ALSO
pcap(3), pcap_geterr(3)
5 April 2008 PCAP_SETDIRECTION(3)