Date: Tue, 18 Nov 2008 13:41:05 -0800
From: David Wolfskill <david@catwhisker.org>
To: Eduardo Meyer <dudu.meyer@gmail.com>
Cc: stable@freebsd.org
Subject: Re: tcpdump(1) filter by date
Message-ID: <20081118214105.GL83287@bunrab.catwhisker.org>
In-Reply-To: <d3ea75b30811181330o61fd850du440d9db0790bf1af@mail.gmail.com>
References: <d3ea75b30811181330o61fd850du440d9db0790bf1af@mail.gmail.com>

[Cross-post to -questions elided, since I saw the message on -stable,
and I'd like to discourage gratuitous cross-posting.  dhw]

On Tue, Nov 18, 2008 at 07:30:39PM -0200, Eduardo Meyer wrote:
> Hello,
>
> I have a kind of big tcpdump file, which has data from the last week. I
> want to dump information based on date. Can I do it without generating
> a full output and later parsing the headers?

See the port net/tcpslice.  Here's an excerpt from its man page:

DESCRIPTION
       Tcpslice is a program for extracting portions of packet-trace files
       generated using tcpdump(l)'s -w flag.  It can also be used to merge
       together several such files, as discussed below.
...
       There are a number of ways to specify times.  The first is using Unix
       timestamps of the form sssssssss.uuuuuu (this is the format specified
       by tcpdump's -tt flag).  For example, 654321098.7654 specifies 38
       seconds and 765,400 microseconds after 8:51PM PDT, Sept. 25, 1990.

> ...

Peace,
david
--
David H. Wolfskill				david@catwhisker.org
Depriving a girl or boy of an opportunity for education is evil.

See http://www.catwhisker.org/~david/publickey.gpg for my public key.
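
The following is an added example, not part of the original e-mail and not tcpslice's own code. It shows in Python the time-window extraction the man page excerpt describes: it parses the `sssssssss.uuuuuu` time format and copies only the records inside the window from a classic libpcap file, reading just the 16-byte record headers. The function names and the three-packet sample trace are constructed for illustration.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4  # classic libpcap file with microsecond timestamps

def parse_time(spec):
    """Parse 'sssssssss.uuuuuu' (tcpdump -tt style) into (sec, usec)."""
    sec, _, frac = spec.partition(".")
    usec = int(frac.ljust(6, "0")[:6]) if frac else 0
    return int(sec), usec

def slice_pcap(data, start, end):
    """Return pcap bytes holding only records with start <= timestamp <= end."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC:
        order = "<"            # file written on a little-endian host
    elif magic == 0xD4C3B2A1:
        order = ">"            # byte-swapped: written on a big-endian host
    else:
        raise ValueError("not a classic microsecond pcap file")
    out = bytearray(data[:24])  # keep the 24-byte global header unchanged
    pos = 24
    while pos + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(
            order + "IIII", data[pos:pos + 16])
        nxt = pos + 16 + incl_len
        if nxt > len(data):
            break              # truncated last record: never emit a partial packet
        if start <= (ts_sec, ts_usec) <= end:
            out += data[pos:nxt]
        pos = nxt
    return bytes(out)

def build_sample():
    """Constructed trace: three 4-byte dummy packets on consecutive days."""
    hdr = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    recs = b""
    for i, sec in enumerate((1226448000, 1226534400, 1226620800)):
        payload = bytes([i]) * 4
        recs += struct.pack("<IIII", sec, 500000, 4, 4) + payload
    return hdr + recs

if __name__ == "__main__":
    trace = build_sample()
    window = slice_pcap(trace, parse_time("1226534400"),
                        parse_time("1226534400.999999"))
    print(len(trace), "bytes in,", len(window), "bytes out")
```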