> Thank you very much for your kind reply. The difficulty in my case is > that I only have access to TCPDUMP's ASCII output, the "playback" of a > pcap trace, of the following form: > > ... > 1068290793.846948 X.X.X.X.Y > X.X.X.X.Y: udp 116 (DF) (ttl 46, id 0, len > 144) > 1068290793.851850 X.X.X.X.Y > X.X.X.X.Y: P [tcp sum ok] > 723881836:723881848(12) ack 2144666878 win 57848 <nop,nop,timestamp > 2895874309 1272161798> (DF) (ttl 42, id 42545, len 64) > ... > > which I must convert back into the original, binary libpcap trace. It > is admittedly a bit different from converting a hex pcap dump. > > Would you happen to know of any tools that could help me?
Hi, If it is just one line per frame then I think that it is impossible to get the information back to a tcpdump file. There is so much infomation lost from the original capture file to the summary printout of 1 line per packet, so it is normally not possible to recreate the original capture file from the printout in that case. - This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:[EMAIL PROTECTED]
