[Cross-post to -questions elided, since I saw the message on -stable, and I'd like to discourage gratuitous cross-posting. dhw]
On Tue, Nov 18, 2008 at 07:30:39PM -0200, Eduardo Meyer wrote:
> Hello,
>
> I have a kind of big tcpdump file, which has data from the last week. I
> want to dump information based on date. Can I do it without generating
> a full output and later parse the headers?
See the port net/tcpslice.
Here's an excerpt from its man page:
DESCRIPTION
Tcpslice is a program for extracting portions of packet-trace files
generated using tcpdump(l)'s -w flag. It can also be used to merge
together several such files, as discussed below.
...
There are a number of ways to specify times. The first is using Unix
timestamps of the form sssssssss.uuuuuu (this is the format specified
by tcpdump's -tt flag). For example, 654321098.7654 specifies 38 seconds
and 765,400 microseconds after 8:51PM PDT, Sept. 25, 1990.
> ...
Peace,
david
--
David H. Wolfskill [EMAIL PROTECTED]
Depriving a girl or boy of an opportunity for education is evil.
See http://www.catwhisker.org/~david/publickey.gpg for my public key.
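The time-window extraction described above, as an added illustration that is not part of the original message and is not tcpslice's own code: it reads only the 16-byte per-record headers of a capture file and copies records inside the window, without decoding any packet. The function names and the sample capture are constructed here; the sketch assumes a classic microsecond-resolution pcap file written in time order and treats dates given without an offset as UTC.

```python
import io
import struct
from datetime import datetime, timezone

PCAP_MAGIC = 0xA1B2C3D4  # classic pcap, microsecond timestamps

def to_epoch(text):
    """Accept a Unix timestamp ("654321098.7654") or an ISO date/time (assumed UTC)."""
    try:
        return float(text)
    except ValueError:
        return datetime.fromisoformat(text).replace(tzinfo=timezone.utc).timestamp()

def slice_pcap(src, dst, start, end):
    """Copy records with start <= timestamp <= end from src to dst; return the count."""
    ghdr = src.read(24)
    if len(ghdr) == 24 and struct.unpack("<I", ghdr[:4])[0] == PCAP_MAGIC:
        endian = "<"
    elif len(ghdr) == 24 and struct.unpack(">I", ghdr[:4])[0] == PCAP_MAGIC:
        endian = ">"
    else:
        raise ValueError("not a classic microsecond pcap file")
    dst.write(ghdr)  # the global header is copied unchanged
    lo, hi = to_epoch(start), to_epoch(end)
    kept = 0
    while True:
        rhdr = src.read(16)
        if len(rhdr) < 16:
            break  # end of file, or a truncated trailing header
        sec, usec, caplen, _origlen = struct.unpack(endian + "IIII", rhdr)
        data = src.read(caplen)
        if len(data) < caplen:
            break  # truncated final record: do not copy a partial packet
        ts = sec + usec / 1e6
        if ts > hi:
            break  # assumption: records are in time order, so nothing later matches
        if ts >= lo:
            dst.write(rhdr + data)
            kept += 1
    return kept

def make_sample():
    """Constructed capture: three 60-byte packets, one per day from 2008-11-11 12:00 UTC."""
    buf = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    day0 = int(to_epoch("2008-11-11T12:00:00"))
    for i in range(3):
        payload = bytes([i]) * 60
        buf += struct.pack("<IIII", day0 + i * 86400, 0, 60, 60) + payload
    return buf

if __name__ == "__main__":
    out = io.BytesIO()
    n = slice_pcap(io.BytesIO(make_sample()), out, "2008-11-12", "2008-11-13")
    print(n, "record(s) kept,", len(out.getvalue()), "bytes written")
```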
