Re: [tcpdump-workers] Trace conversion.
Hi Paul,

I think this will accomplish what you want:

    # tcpdump -ln ip | awk '{print $1,",",$5}' | sed 's/\.[0-9]*:$//'

This won't work with icmp though...

-alexm
16:11 17/09/2004

On Fri, 17 Sep 2004, Paul Berube wrote:

> Hi. I think I have a simple problem, but I can't seem to find a simple solution...
>
> First, let me say that I know very little in the networks field, that I'm working under Cygwin and Linux, and that I don't have root access.
>
> Ok. I have a couple traces in tcpdump format. What I actually need is just a list of destination addresses for the trace. I might be able to use a timestamp if I got really fancy, but it's not required. So, precisely, for each packet in the trace, in chronological order, I want a ts,dest_ip pair. That's it.
>
> I suspect this wouldn't be too hard if the tcpdump format was specified, but if it is, I can't find such a document.
>
> If anyone could point me in the right direction here, that would be super.
>
> Thanks!

- This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
Re: [tcpdump-workers] Trace conversion.
> I think this will accomplish what you want:
>
>     # tcpdump -ln ip | awk '{print $1,",",$5}' | sed 's/\.[0-9]*:$//'

The output looks fantastic, nearly exactly the format I wanted! One question, though. I see h.m.s:ms, a.b.c.d.x:, and I'm wondering what the 'x' is? By the frequent occurrences of 80, I'm guessing these are port numbers, but I'd like to be sure :)

> This won't work with icmp though...

That's fine, I'm only interested in IP traffic.

Thanks so much, you're terrific!

--Paul
Re: [tcpdump-workers] Trace conversion.
On Sep 17, 2004, at 3:20 PM, Paul Berube wrote:

> One question, though. I see h.m.s:ms, a.b.c.d.x:, and I'm wondering what the 'x' is? By the frequent occurrences of 80, I'm guessing these are port numbers, but I'd like to be sure :)

Yes.

>> This won't work with icmp though...
>
> That's fine, I'm only interested in IP traffic.

Presumably you mean IP traffic other than ICMP traffic, as ICMP traffic *is* IP traffic.
Re: [tcpdump-workers] Trace conversion.
Paul Berube <[EMAIL PROTECTED]> writes:

> Ok. I have a couple traces in tcpdump format. What I actually need is just a list of destination addresses for the trace. I might be able to use a timestamp if I got really fancy, but it's not required. So, precisely, for each packet in the trace, in chronological order, I want a ts,dest_ip pair. That's it.

    tcpdump -n -r file

You can probably very quickly write a sed or perl script to pull out the data you want.

> I suspect this wouldn't be too hard if the tcpdump format was specified, but if it is, I can't find such a document.

Get the libpcap source, and read pcap.h and pcap.3.

--
] Elmo went to the wrong fundraiser - The Simpson        | firewalls     [
] Michael Richardson, Xelerance Corporation, Ottawa, ON  | net architect [
] [EMAIL PROTECTED] http://www.sandelman.ottawa.on.ca/mcr/ | device driver [
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
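The savefile layout Michael points to in pcap.h is small enough to parse directly, which also sidesteps the root-access problem Paul mentions (no live capture, no tcpdump binary). The following is an added example, not code from the thread; `ip_destinations` and `build_sample_pcap` are names chosen here, and the two-packet capture is constructed inline rather than taken from a real trace.

```python
import struct

# pcap savefile layout (libpcap pcap.h): 24-byte global header, then per packet a
# 16-byte record header (ts_sec, ts_frac, incl_len, orig_len) followed by incl_len bytes.
LINKTYPE_ETHERNET = 1
MAGICS = {  # magic bytes -> (struct byte order, timestamp fraction divisor)
    b"\xd4\xc3\xb2\xa1": ("<", 1e6), b"\xa1\xb2\xc3\xd4": (">", 1e6),   # microseconds
    b"\x4d\x3c\xb2\xa1": ("<", 1e9), b"\xa1\xb2\x3c\x4d": (">", 1e9),   # nanoseconds
}

def ip_destinations(pcap: bytes) -> list:
    """Return (timestamp, dst_ip) for every IPv4 packet in an Ethernet pcap, in file order."""
    if pcap[:4] not in MAGICS:
        raise ValueError("not a pcap file")
    endian, tsdiv = MAGICS[pcap[:4]]
    linktype = struct.unpack(endian + "IHHiIII", pcap[:24])[6]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"unsupported link type {linktype}")
    out, off = [], 24
    while off + 16 <= len(pcap):
        ts_sec, ts_frac, incl_len, _ = struct.unpack(endian + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < incl_len:
            break                       # truncated final record: stop rather than misparse
        # 14-byte Ethernet header, then IPv4 header; destination address is IP bytes 16..19.
        # VLAN-tagged frames and non-IPv4 ethertypes are skipped; ICMP is IP, so it is kept.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
            continue
        dst = ".".join(str(b) for b in frame[30:34])
        out.append((ts_sec + ts_frac / tsdiv, dst))
    return out

def build_sample_pcap() -> bytes:
    """Constructed two-packet capture (not real traffic): one TCP packet, one ICMP packet."""
    def ipv4_frame(src: str, dst: str, proto: int) -> bytes:
        eth = b"\x00" * 12 + b"\x08\x00"                      # zero MACs, ethertype IPv4
        ip = bytes([0x45, 0]) + struct.pack("!HHHBBH", 20, 0, 0, 64, proto, 0)
        ip += bytes(map(int, src.split("."))) + bytes(map(int, dst.split(".")))
        return eth + ip
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    recs = b""
    for ts, frame in [(1095439860, ipv4_frame("10.0.0.5", "192.0.2.80", 6)),
                      (1095439861, ipv4_frame("10.0.0.5", "198.51.100.9", 1))]:
        recs += struct.pack("<IIII", ts, 500000, len(frame), len(frame)) + frame
    return hdr + recs

if __name__ == "__main__":
    for ts, dst in ip_destinations(build_sample_pcap()):
        print(f"{ts:.6f},{dst}")
```

To use it on one of the real traces, replace `build_sample_pcap()` with `open(path, "rb").read()`.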