Date: Sat, 3 Nov 2007 23:20:33 -0700
From: Doug Hardie <bc979@lafn.org>
To: deeptech71@gmail.com
Cc: freebsd-questions@freebsd.org
Subject: Re: reverse grep
Message-ID: <5F99BE99-A5BA-4B07-83C1-5EE57C12E9F9@lafn.org>
In-Reply-To: <472D2FFB.5050204@gmail.com>
References: <472D2FFB.5050204@gmail.com>

On Nov 3, 2007, at 19:35, deeptech71@gmail.com wrote:

> heh
> I've read (kind of skimmed) the grep man page but i seem to have
> missed the -v for some reason ^^

The use of grep -v will work as long as the tcpdump output is limited to one line per packet. However, some of the tcpdump options produce multiple lines per packet. Those will appear to be jumbled as the initial line for the packet will not be included but the following lines will.

The best approach to using tcpdump in these situations is to use the -w option to write the raw data to a file. Then use the -r to read it back in and filter using the tcpdump filters which do include the not function. That way if you don't get what you need, you can try again on the same data.
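
An added example, not part of the original message: the multi-line problem described above, reproduced on constructed tcpdump -X style output, next to a packet-aware filter that drops a header line together with its continuation lines. The sample packets, the capture.pcap file name and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# The approach recommended in the message, capturing once and filtering on
# re-read (capture.pcap is an assumed file name):
#   tcpdump -n -w capture.pcap
#   tcpdump -n -X -r capture.pcap 'not port 22'

# Constructed sample of multi-line output: one header line per packet,
# followed by indented hex-dump continuation lines.
sample_output() {
cat <<'EOF'
23:20:33.000001 IP 192.0.2.10.22 > 192.0.2.20.51000: Flags [P.], length 4
    0x0000:  4510 0038 0000 4000 4006 0000 c000 020a  E..8..@.@.......
    0x0010:  c000 0214 0016 c738 0000 0000 0000 0000  .......8........
23:20:33.000002 IP 192.0.2.30.53 > 192.0.2.20.40000: UDP, length 4
    0x0000:  4500 0020 0000 4000 4011 0000 c000 021e  E.....@.@.......
EOF
}

# Line-oriented exclusion: removes only the lines that contain the string.
naive_filter() {
    grep -vF -- "$1"
}

# Packet-aware exclusion: a line starting with a timestamp opens a packet;
# the keep/drop decision made on that header applies to every following
# continuation line until the next header.
packet_filter() {
    awk -v pat="$1" '
        /^[0-9][0-9]:[0-9][0-9]:[0-9][0-9]\./ { keep = (index($0, pat) == 0) }
        keep { print }
    '
}

# Counts continuation lines that appear before any header line, i.e. the
# leftovers of a packet whose header was filtered out.
orphan_lines() {
    awk '
        /^[0-9][0-9]:[0-9][0-9]:[0-9][0-9]\./ { seen = 1; next }
        /^[ \t]/ && !seen { n++ }
        END { print n + 0 }
    '
}

echo "grep -v leaves orphaned hex lines:"
sample_output | naive_filter '192.0.2.10.22 >'
echo "packet-aware filter:"
sample_output | packet_filter '192.0.2.10.22 >'
```

The packet-aware filter only helps with text that has already been printed; filtering with tcpdump -r on the saved capture avoids the problem at the source.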