On Wed, 20 Feb 2002 15:51:32 Guy Harris wrote:
> On Wed, Feb 20, 2002 at 11:53:53PM +1100, Ronnie Sahlberg wrote:
> > As I stated earlier,
> > tethereal is stateful, i.e. in order to dissect quite a lot of different
> > protocols it must remember stuff between packets.
>
> Of course, if you're just using "-w" and not using a read filter, it
> doesn't bother dissecting the packets.
>
> Unfortunately, I think he's *not* using "-w", but is piping the text
> output of Tethereal to some flavor of grep, so it does have to dissect
> the packets.
>
Using gdb on the core file, one could actually extract the current packet from the core file. I'm working on a script to do that. Instead of using 'expect' to interact with gdb, I intend to call gdb a few times, each time passing it a --command switch, giving it a file of commands to run. I should be able to get the packet and save it either as a text file for text2pcap to convert, or as a libpcap file.

--gilbert
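One way to do the text-file route described above, as an added example that is not part of the original message or of the script it mentions: it converts the output of a gdb `x/<N>xb <addr>` memory dump (as a `--command` file run against the core would print it) into the offset-prefixed hex rows that text2pcap reads. The sample gdb output, its address and its byte values are constructed, and the function names are hypothetical.

```python
import re

# One line of gdb "x/<N>xb <addr>" output: address, optional <symbol+off>, bytes.
_DUMP_LINE = re.compile(r"^\s*0x[0-9a-fA-F]+(?:\s+<[^>]*>)?:\s*(.*)$")
_BYTE = re.compile(r"^0x([0-9a-fA-F]{1,2})$")

# Constructed sample of what a gdb batch run might print (not real tethereal output).
SAMPLE_GDB_OUTPUT = (
    "Core was generated by `tethereal'.\n"
    "0x8101a40:\t0xff\t0xff\t0xff\t0xff\t0xff\t0xff\t0x00\t0x11\n"
    "0x8101a48:\t0x22\t0x33\t0x44\t0x55\t0x08\t0x06\t0x00\t0x01\n"
    "0x8101a50:\t0x08\t0x00\t0x06\t0x04\n"
)


def gdb_bytes(gdb_output, caplen=None):
    """Return the bytes in gdb x/xb output; skip banner and warning lines."""
    data = bytearray()
    for line in gdb_output.splitlines():
        m = _DUMP_LINE.match(line)
        if not m:
            continue
        for tok in m.group(1).split():
            b = _BYTE.match(tok)
            if not b:  # any non-byte text inside a dump row means a damaged dump
                raise ValueError("unexpected token in dump line: %r" % tok)
            data.append(int(b.group(1), 16))
    if caplen is not None:
        # A short dump would produce a silently truncated frame; refuse it.
        if len(data) < caplen:
            raise ValueError("dump holds %d of %d bytes" % (len(data), caplen))
        del data[caplen:]
    return bytes(data)


def to_text2pcap(data, width=16):
    """Format bytes as offset-prefixed hex rows; offset 000000 starts a packet."""
    rows = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        rows.append("%06x %s" % (off, " ".join("%02x" % b for b in chunk)))
    return "\n".join(rows) + "\n"


if __name__ == "__main__":
    print(to_text2pcap(gdb_bytes(SAMPLE_GDB_OUTPUT, caplen=20)), end="")
```

The printed rows can be saved to a file and given to text2pcap as its input file.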