Hello,
I have a kind of big tcpdump file, which has data from the last week. I
want to dump information based on date. Can I do it without generating
a full output and later parse the headers?
Say, I want to filter by date in the expression filter and not with
tcpdump -r dumpfile | awk
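
The date-based extraction asked about above can be done on the capture file itself, since every pcap record header carries the packet's timestamp. The following is an added example, not part of the original thread: it assumes a classic pcap file (not pcapng), and `slice_pcap`, `utc` and `make_sample` are hypothetical names chosen here.

```python
import struct
from datetime import datetime, timezone

# pcap magic (as read little-endian) -> (byte order, timestamp fraction divisor)
MAGICS = {0xA1B2C3D4: ("<", 10**6), 0xD4C3B2A1: (">", 10**6),
          0xA1B23C4D: ("<", 10**9), 0x4D3CB2A1: (">", 10**9)}

def slice_pcap(src, dst, start, end):
    """Copy packets with start <= timestamp < end (epoch seconds) from src to dst.

    src and dst are binary file objects; returns the number of packets kept.
    Streams record by record, so the capture is never loaded whole.
    """
    ghdr = src.read(24)
    if len(ghdr) != 24:
        raise ValueError("truncated pcap global header")
    magic = struct.unpack("<I", ghdr[:4])[0]
    if magic not in MAGICS:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    order, frac = MAGICS[magic]
    dst.write(ghdr)                 # output keeps the original link type and snaplen
    kept = 0
    while True:
        rhdr = src.read(16)
        if len(rhdr) < 16:          # clean EOF or a cut-off final record
            break
        sec, sub, caplen, _wirelen = struct.unpack(order + "IIII", rhdr)
        data = src.read(caplen)
        if len(data) < caplen:      # capture was truncated mid-packet
            break
        if start <= sec + sub / frac < end:
            dst.write(rhdr + data)
            kept += 1
    return kept

def utc(y, m, d, hh=0, mm=0, ss=0):
    """Epoch seconds for a UTC wall-clock time (pcap timestamps are epoch-based)."""
    return datetime(y, m, d, hh, mm, ss, tzinfo=timezone.utc).timestamp()

def make_sample(times):
    """Constructed sample: a little-endian pcap with one 4-byte packet per timestamp."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for t in times:
        out += struct.pack("<IIII", int(t), 0, 4, 4) + b"\x00" * 4
    return out
```

The sliced file is itself a valid pcap, so it can be read back with `tcpdump -r` and any normal filter expression.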
[Cross-post to -questions elided, since I saw the message on -stable,
and I'd like to discourage gratuitous cross-posting. dhw]
On Tue, Nov 18, 2008 at 07:30:39PM -0200, Eduardo Meyer wrote:
> Hello,
> I have a kind of big tcpdump file, which has data from the last week. I
> want to dump information
I don't know whether or not this has been fixed, but I found that I had to
recompile tcpslice and/or tcpdump to deal with files larger than 4 gig (or
maybe 2 gig). I suppose it's a better situation than wireshark. After a
few million packets, it falls over because it makes the widgets in the