06-23-2008
I was thinking something more along the lines of using a separate text file for the IP addresses and somehow use the 'tcpdump -r myfile.pco -w out.pcap ip src "1.2.3.4"' command to make it so that it matches the IPs with the text file. Also I am only interested in the time stamps and don't require the rest of the details of the packets, so it would be helpful if I wrote a code which filters through the clutter and gives me only the time stamps.
Thank You
pcap_fopen_offline
PCAP_OPEN_OFFLINE(3PCAP) PCAP_OPEN_OFFLINE(3PCAP)
NAME
pcap_open_offline, pcap_open_offline_with_tstamp_precision, pcap_fopen_offline, pcap_fopen_offline_with_tstamp_precision - open a saved
capture file for reading
SYNOPSIS
#include <pcap/pcap.h>
char errbuf[PCAP_ERRBUF_SIZE];
pcap_t *pcap_open_offline(const char *fname, char *errbuf);
pcap_t *pcap_open_offline_with_tstamp_precision(const char *fname,
u_int precision, char *errbuf);
pcap_t *pcap_fopen_offline(FILE *fp, char *errbuf);
pcap_t *pcap_fopen_offline_with_tstamp_precision(FILE *fp,
u_int precision, char *errbuf);
DESCRIPTION
pcap_open_offline() and pcap_open_offline_with_tstamp_precision() are called to open a ``savefile'' for reading.
fname specifies the name of the file to open. The file can have the pcap file format as described in pcap-savefile(5), which is the file
format used by, among other programs, tcpdump(1) and tcpslice(1), or can have the pcap-ng file format, although not all pcap-ng files can
be read. The name "-" is a synonym for stdin.
pcap_open_offline_with_tstamp_precision() takes an additional precision argument specifying the time stamp precision desired; if
PCAP_TSTAMP_PRECISION_MICRO is specified, packet time stamps will be supplied in seconds and microseconds, and if
PCAP_TSTAMP_PRECISION_NANO is specified, packet time stamps will be supplied in seconds and nanoseconds. If the time stamps in the file do not have the
same precision as the requested precision, they will be scaled up or down as necessary before being supplied.
Alternatively, you may call pcap_fopen_offline() or pcap_fopen_offline_with_tstamp_precision() to read dumped data from an existing open
stream fp. pcap_fopen_offline_with_tstamp_precision() takes an additional precision argument as described above. Note that on Windows,
that stream should be opened in binary mode.
RETURN VALUE
pcap_open_offline(), pcap_open_offline_with_tstamp_precision(), pcap_fopen_offline(), and pcap_fopen_offline_with_tstamp_precision() return
a pcap_t * on success and NULL on failure. If NULL is returned, errbuf is filled in with an appropriate error message. errbuf is assumed
to be able to hold at least PCAP_ERRBUF_SIZE chars.
SEE ALSO
pcap(3PCAP), pcap-savefile(5)
1 July 2013 PCAP_OPEN_OFFLINE(3PCAP)
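
An added example, not part of the original thread or of libpcap: a C reader for the classic pcap savefile format that returns only the time stamps of packets whose IPv4 source address is in a list, scaling nanosecond-precision files down to microseconds as the DESCRIPTION above describes. It parses the file bytes directly instead of calling pcap_open_offline() and assumes Ethernet framing; `src_timestamps`, `make_sample` and the sample addresses and times are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

static uint32_t rd32(const uint8_t *p, int be) {       /* 32-bit field; be = big-endian */
    return be ? (uint32_t)p[0] << 24 | p[1] << 16 | p[2] << 8 | p[3]
              : (uint32_t)p[3] << 24 | p[2] << 16 | p[1] << 8 | p[0];
}
static void wr32le(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = v >> (8 * i); }

/* Microsecond time stamps of Ethernet/IPv4 packets sourced from ips[]; -1 on a bad savefile. */
int src_timestamps(const uint8_t *buf, size_t len, const uint32_t *ips, size_t nips,
                   uint64_t *out, int max_out) {
    uint32_t magic = len >= 24 ? rd32(buf, 0) : 0;
    int be = magic == 0xd4c3b2a1 || magic == 0x4d3cb2a1;    /* written on other-endian host */
    int nano = magic == 0xa1b23c4d || magic == 0x4d3cb2a1;  /* nanosecond-precision file */
    if ((!be && !nano && magic != 0xa1b2c3d4) || rd32(buf + 20, be) != 1) return -1;
    int n = 0;
    for (size_t off = 24; len - off >= 16 && n < max_out; ) {
        uint32_t sec = rd32(buf + off, be), frac = rd32(buf + off + 4, be);
        uint32_t caplen = rd32(buf + off + 8, be), hit = 0;
        const uint8_t *p = buf + (off += 16);               /* captured bytes follow header */
        if (caplen > len - off) return -1;                  /* record runs past the buffer */
        for (size_t i = 0; caplen >= 34 && p[12] == 8 && p[13] == 0 && i < nips; i++)
            hit |= ips[i] == rd32(p + 26, 1);               /* IPv4 source address */
        if (hit) out[n++] = (uint64_t)sec * 1000000 + (nano ? frac / 1000 : frac);
        off += caplen;
    }
    return n;
}

/* Constructed sample (174 bytes, little-endian): frames from 1.2.3.4, 10.0.0.1, 1.2.3.4. */
const uint8_t *make_sample(int nano) {
    static uint8_t b[174];
    const uint32_t src[3] = {0x01020304, 0x0a000001, 0x01020304};
    wr32le(b, nano ? 0xa1b23c4d : 0xa1b2c3d4); wr32le(b + 4, 0x00040002); wr32le(b + 20, 1);
    for (int i = 0; i < 3; i++) {
        uint8_t *r = b + 24 + 50 * i;                       /* 16-byte header + 34-byte frame */
        wr32le(r, 1214179200 + i); wr32le(r + 4, nano ? 250000999 : 250000);
        wr32le(r + 8, 34); wr32le(r + 12, 34); r[28] = 8;   /* lengths, EtherType 0x0800 */
        for (int k = 0; k < 4; k++) r[42 + k] = src[i] >> (24 - 8 * k);
    }
    return b;
}

int main(void) {
    uint64_t ts[8]; const uint32_t want[] = {0x01020304, 0xc0a80001};  /* 1.2.3.4, 192.168.0.1 */
    int n = src_timestamps(make_sample(1), 174, want, 2, ts, 8);
    for (int i = 0; i < n; i++) printf("%llu us\n", (unsigned long long)ts[i]);
    return 0;
}
```

Reading the address list from a text file, as the post asks, means filling `ips[]` from that file instead of the hard-coded array.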