It is trivial to take a tcpdump-generated file and subdivide it, i.e.
tcpdump -r dumpfile -w outfile.1 'host 192.168.1.1'
tcpdump -r dumpfile -w outfile.2 'host 192.168.1.2'
; is there a way to make the -w (or some other) option append to an
existing outfile, or concatenate results? E.g. one of
tcpdump -r dumpfile1 dumpfile2 -w outfile.1 'host 192.168.1.1'
tcpdump -r dumpfile1 -r dumpfile2 -w outfile.1 'host 192.168.1.1'
might sift out all packets to/from 192.168.1.1 from *both* dumpfile1
and dumpfile2, and write them to outfile.1, or
tcpdump -r dumpfile1 -w outfile.1 'host 192.168.1.1'
followed by one of
tcpdump -r dumpfile2 -w outfile.1 'host 192.168.1.1'
tcpdump -r dumpfile2 -ww outfile.1 'host 192.168.1.1'
to concatenate the matching data from dumpfile2 onto the existing
data in outfile.1 sifted out of dumpfile1?
Thanks for any info,
-g
Glenn Forbes Fleming Larratt
Rice University Network Management
[EMAIL PROTECTED]
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
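
The operation asked about above, sifting one host's packets out of several dump files into a single output file, depends on the classic pcap layout: one 24-byte global header followed by packet records, so a combined file must carry exactly one header. This is an added example, not part of the original message and not tcpdump's code; the function names are hypothetical, and it assumes classic (microsecond) pcap files with Ethernet link type and untagged IPv4 frames.

```python
import io
import socket
import struct

# Classic pcap magic (microsecond timestamps) mapped to struct byte order.
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}

def read_pcap(stream):
    """Yield (ts_sec, ts_usec, orig_len, frame) from one Ethernet pcap stream."""
    header = stream.read(24)
    order = MAGICS.get(header[:4])
    if order is None or len(header) < 24:
        raise ValueError("not a classic pcap file")
    if struct.unpack(order + "I", header[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) is handled")
    while len(record := stream.read(16)) == 16:
        sec, usec, incl_len, orig_len = struct.unpack(order + "4I", record)
        frame = stream.read(incl_len)
        if len(frame) < incl_len:      # truncated final record: stop cleanly
            return
        yield sec, usec, orig_len, frame

def matches_host(frame, host):
    """True if an untagged Ethernet/IPv4 frame is to or from `host`."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return False
    return socket.inet_aton(host) in (frame[26:30], frame[30:34])

def merge_filtered(inputs, output, host):
    """Copy matching packets from every input into ONE pcap; return the count."""
    # A single global header: appending a second file's bytes verbatim would
    # embed its 24-byte header mid-stream and corrupt the capture.
    output.write(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1))
    count = 0
    for stream in inputs:              # packets stay in per-file order
        for sec, usec, orig_len, frame in read_pcap(stream):
            if matches_host(frame, host):
                output.write(struct.pack("<4I", sec, usec, len(frame), orig_len))
                output.write(frame)
                count += 1
    return count

def sample_pcap(pairs, order="<"):
    """Constructed test capture: one 34-byte frame per (src, dst) pair."""
    out = struct.pack(order + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, (src, dst) in enumerate(pairs):
        ip = b"\x45" + bytes(11) + socket.inet_aton(src) + socket.inet_aton(dst)
        frame = bytes(12) + b"\x08\x00" + ip
        out += struct.pack(order + "4I", i, 0, len(frame), len(frame)) + frame
    return io.BytesIO(out)
```

The merged output keeps packets in per-file order rather than sorting them by timestamp, and it normalizes records from either byte order to little-endian.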