02-05-2012
If you're asking whether it's better to save network dumps in ASCII format or a binary format, which is "better" -- as always -- depends entirely on what you want to do with it.
You can't grep a binary file, but text files take more space, and might not be able to be loaded back into Wireshark or what have you.
UTMPDUMP(1) User Commands UTMPDUMP(1)
NAME
utmpdump - dump UTMP and WTMP files in raw format
SYNOPSIS
utmpdump [options] [filename]
DESCRIPTION
utmpdump is a simple program to dump UTMP and WTMP files in raw format, so they can be examined. utmpdump reads from stdin unless a filename is passed.
OPTIONS
-f, --follow
Output appended data as the file grows.
-o, --output file
Write command output to file instead of standard output.
-r, --reverse
Undump, write back edited login information into the utmp or wtmp files.
-V, --version
Display version information and exit.
-h, --help
Display help text and exit.
NOTES
utmpdump can be useful in cases of corrupted utmp or wtmp entries. It can dump out utmp/wtmp to an ASCII file, which can then be edited to
remove bogus entries, and reintegrated using:
utmpdump -r < ascii_file > wtmp
But be warned, utmpdump was written for debugging purposes only.
File formats
Only the binary version of utmp(5) is standardised. Textual dumps may become incompatible in the future.
Version 2.28 was the last one that printed text output using the ctime(3) timestamp format. Newer dumps use a millisecond-precision ISO-8601
timestamp format in the UTC-0 timezone. Conversion from the former timestamp format to binary is possible, although attempting it can cause the
timestamps to drift by the amount of the timezone offset.
BUGS
You may not use the -r option, as the format for the utmp/wtmp files strongly depends on the input format. This tool was not written for
normal use, but for debugging only.
AUTHOR
Michael Krapp
SEE ALSO
last(1), w(1), who(1), utmp(5)
AVAILABILITY
The utmpdump command is part of the util-linux package and is available from Linux Kernel Archive <https://www.kernel.org/pub/linux/utils/util-linux/>.
util-linux July 2014 UTMPDUMP(1)
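
Because the File formats section says only the binary utmp(5) layout is standardised, a review of a wtmp file that was dumped, edited and reintegrated as described in NOTES is safer done on the binary records than on the text dump. The following is an added example, not part of util-linux or the original page: it assumes the 384-byte glibc `struct utmp` layout on Linux, and the function names, findings and sample records are constructed for illustration.

```python
import struct
from datetime import datetime, timezone

# Assumed layout: glibc's struct utmp on Linux, 384 bytes per record:
# type, pid, line[32], id[4], user[32], host[256], exit (2 shorts),
# session, tv_sec, tv_usec, addr_v6[4], 20 unused bytes.
UTMP = struct.Struct("<h2xi32s4s32s256shhiii4i20x")
TYPES = {0: "EMPTY", 2: "BOOT_TIME", 7: "USER_PROCESS", 8: "DEAD_PROCESS"}

def _text(raw):
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")

def iso_utc(sec):
    return datetime.fromtimestamp(sec, timezone.utc).isoformat()

def parse_utmp(data):
    """Return (records, trailing_byte_count) for raw utmp/wtmp bytes."""
    usable = len(data) - len(data) % UTMP.size
    records = []
    for off in range(0, usable, UTMP.size):
        f = UTMP.unpack_from(data, off)
        records.append({
            "offset": off, "type": TYPES.get(f[0], str(f[0])), "pid": f[1],
            "line": _text(f[2]), "user": _text(f[4]), "host": _text(f[5]),
            "sec": f[9], "zeroed": not any(data[off:off + UTMP.size]),
        })
    return records, len(data) - usable

def review(records, trailing):
    """List structural oddities worth checking after a file was rewritten."""
    findings = []
    if trailing:
        findings.append(f"{trailing} trailing bytes after the last full record")
    last = None
    for r in records:
        if r["zeroed"]:
            findings.append(f"offset {r['offset']}: all-zero record")
            continue
        if last is not None and r["sec"] < last:
            findings.append(f"offset {r['offset']}: {iso_utc(r['sec'])} is earlier than the previous record")
        last = r["sec"]
    return findings

def _make(ut_type, pid, line, user, host, sec):
    return UTMP.pack(ut_type, pid, line, b"", user, host, 0, 0, 0, sec, 0, 0, 0, 0, 0)

# Constructed sample, not taken from a real system.
SAMPLE = (_make(2, 0, b"~", b"reboot", b"", 1700000000)
          + _make(7, 4242, b"pts/0", b"alice", b"192.0.2.10", 1700000100)
          + bytes(UTMP.size)
          + _make(7, 4300, b"pts/1", b"bob", b"192.0.2.11", 1700000050)
          + b"\x01\x02\x03")
```

Calling `review(*parse_utmp(SAMPLE))` reports the trailing bytes, the all-zero record at offset 768 and the out-of-order timestamp at offset 1152; a clock change can also produce the last finding, so treat it as a prompt for a closer look rather than proof of editing.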