Date: Tue, 18 Nov 2008 13:41:05 -0800 From: David Wolfskill <david@catwhisker.org> To: Eduardo Meyer <dudu.meyer@gmail.com> Cc: stable@freebsd.org Subject: Re: tcpdump(1) filter by date Message-ID: <20081118214105.GL83287@bunrab.catwhisker.org> In-Reply-To: <d3ea75b30811181330o61fd850du440d9db0790bf1af@mail.gmail.com> References: <d3ea75b30811181330o61fd850du440d9db0790bf1af@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --]
[Cross-post to -questions elided, since I saw the message on -stable,
and I'd like to discourage gratuitous cross-posting. dhw]
On Tue, Nov 18, 2008 at 07:30:39PM -0200, Eduardo Meyer wrote:
> Hello,
>
> I have a kind big tcpdump file, which has data from the last week. I
> want to dump information based on date. Can I do it without generating
> a full output and later parse the headers?
See the port net/tcpslice.
Here's an excerpt from its man page:
DESCRIPTION
Tcpslice is a program for extracting portions of packet-trace files
generated using tcpdump(l)'s -w flag. It can also be used to merge
together several such files, as discussed below.
...
There are a number of ways to specify times. The first is using Unix
timestamps of the form sssssssss.uuuuuu (this is the format specified
by tcpdump's -tt flag). For example, 654321098.7654 specifies 38 sec-
onds and 765,400 microseconds after 8:51PM PDT, Sept. 25, 1990.
> ...
Peace,
david
--
David H. Wolfskill david@catwhisker.org
Depriving a girl or boy of an opportunity for education is evil.
See http://www.catwhisker.org/~david/publickey.gpg for my public key.
[-- Attachment #2 --]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (FreeBSD)
iEYEARECAAYFAkkjNnAACgkQmprOCmdXAD1wiQCdGdBu3145Hm09q14bxjd5Wz0e
d2AAn1m+ljS+GyUYKSG3wBIjnhUGcLX7
=rVbH
-----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20081118214105.GL83287>