On Wed, 10 Nov 2004 11:57:51 +0800, Miguel A Paraz <[EMAIL PROTECTED]> wrote: > tcpdump -s 0 -w outfile net 10.0.0.0/8 192.168.0.0/16 > > '-s 0' is to dump the complete payload and not just headers. > > I need a text-mode only way to show the top source/dests on > this file, and the size.
-w <filename> to dump the packets to a file. -r <filename> to read the packets from a file. when you -r them, you can specify different output parameters, so you can print just the source/dest, for instance, e.g., with -e which will print only the link level header, which is going to be pretty easy to grab source/destination and port information from. which seems to be what you want to do. NOTE: i've used tcpdump a bit, but it's been a while, i tend to use ethereal more. so those options above (-w, -r, -e) are from reading the man page, not from actually using them :). i just remembered them from when i read the man page a few years ago :). tiger -- Gerald Timothy Quimpo http://bopolissimus.sni.ph [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] Public Key: "gpg --keyserver pgp.mit.edu --recv-keys 672F4C78" Mene sakhet ur-seveh -- Philippine Linux Users' Group (PLUG) Mailing List [EMAIL PROTECTED] (#PLUG @ irc.free.net.ph) Official Website: http://plug.linux.org.ph Searchable Archives: http://marc.free.net.ph . To leave, go to http://lists.q-linux.com/mailman/listinfo/plug . Are you a Linux newbie? To join the newbie list, go to http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie
