searching through pcap files
# 1  
Old 06-19-2008

Hi,
I am new at UNIX and programming in general and only have a basic knowledge of C++. I am helping out with some research at a college and was given the task to sort through captured packets via IP addresses. I was wondering if anyone could help me with writing code which filters through pcap files by IP addresses and then records the timestamps. I know a few programs that do this type of thing such as Wireshark, but they take up too much memory when analyzing gigabytes of data, and that is why I am looking to write a relatively simple program which just gets my task done and gathers data for me.
# 2  
Old 06-20-2008
Can you provide some specifics?

To best assist you, info on:
a) directory structure to begin searching [i.e. /usr/smile]
b) template of filename(s) to review [i.e. abcd????.*]
c) sample of data within files to retrieve
[i.e. 12.10.77.112 blah-blah 06/10/2008
19.5.79.141 hurrah 05/11/2007]

and so on.
# 3  
Old 06-20-2008
If you just want a lean interface to read the pcap files you can take a look at libpcap's
pcap_open_offline() and some related packet analysis: libpcap packet capture tutorial, or you can
simply use tcpdump -r for the most part.

HTH
# 4  
Old 06-23-2008
I was thinking something more along the lines of using a separate text file for the IP addresses and somehow using the 'tcpdump -r myfile.pco -w out.pcap ip src "1.2.3.4"' command to make it so that it matches the IPs with the text file. Also I am only interested in the timestamps and don't require the rest of the details of the packets, so it would be helpful if I wrote code which filters through the clutter and gives me only the timestamps.
Thank You
# 5  
Old 06-23-2008
Hershey,

The bpf language obviates the need for a text file with separate addressing.
You can use the tcpdump -r filename 'bpf expression here' -tttt for your purposes
and excise the packet dump data via sed, awk, etc.
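The approach in the previous reply, worked through as an added example (not code from anyone in this thread): the address list in a text file is turned into a BPF expression, tcpdump reads the capture with -r (it streams the file rather than loading it, so gigabyte captures are fine), and awk keeps only the -tttt timestamp. The file names capture.pcap and ips.txt are assumed.

```shell
#!/bin/sh
# Build a BPF expression from a text file of IPv4 addresses (one per line),
# then print only the timestamps of matching packets from a pcap file.
# Usage: ./pcap_times.sh capture.pcap ips.txt

# Turn "1.2.3.4\n5.6.7.8\n" into "src host 1.2.3.4 or src host 5.6.7.8".
# Blank lines and '#' comment lines in the list are skipped.
build_bpf_filter() {
    awk 'BEGIN { ORS = "" }
         /^[ \t]*(#|$)/ { next }
         { if (n++) print " or "; print "src host " $1 }' "$1"
}

# tcpdump -tttt prints "YYYY-MM-DD HH:MM:SS.uuuuuu ..." per packet; keep only
# the first two fields, i.e. the timestamp. Works on stdin so it can be
# checked without tcpdump present.
extract_timestamps() {
    awk '{ print $1, $2 }'
}

# Read the capture with the generated filter. -n disables name resolution,
# which is both slow on large captures and leaks the addresses via DNS.
timestamps_for_ips() {
    capture=$1; iplist=$2
    filter=$(build_bpf_filter "$iplist")
    if [ -z "$filter" ]; then
        echo "no addresses found in $iplist" >&2
        return 1
    fi
    tcpdump -n -r "$capture" -tttt "$filter" 2>/dev/null | extract_timestamps
}

if [ "$#" -eq 2 ]; then
    timestamps_for_ips "$1" "$2"
fi
```

A very long address list can exceed what the BPF compiler accepts in one expression; splitting the list and running tcpdump once per chunk avoids that.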