Hi, alex,
Did you try to compare your result with another program such as Ethereal?
I found a difference.
My tcpdump command is similar to yours:
tcpdump -v -r host1.tcpdump | grep "len" | sed s/.*len// | cut -d ')' -f 1 | awk '{sum+=$1;print sum}' | tail -1

The host1.tcpdump file is an already dumped file with all tcp packets. The above
command returned 713596 bytes, but when I use Ethereal to get the summary, it's 800697
bytes. Another program also showed 800697 bytes.

What is the potential problem with using that tcpdump filter?

WC

----- Original Message -----
From: alex medvedev <[EMAIL PROTECTED]>
Date: Monday, March 8, 2004 6:56 pm
Subject: Re: [tcpdump-workers] how to get total packets length by tcpdump

> hi,
> 
> this is a very rough regex and you may have to tweak it but it worked for
> me :)
> 
> # tcpdump -v -r tcpdump-raw.dump tcp | grep "length:" |grep -v
> "^[^0-9]" | sed s/.*length:// | cut -d')' -f 1 | awk '{sum+=$1; print
> sum}'
> 
> all in one line.
> the last number is the answer.
> 
> -alexm
> 17:51 08/03/2004
> 
> On Mon, 8 Mar 2004 [EMAIL PROTECTED] wrote:
> 
> > Greetings,
> >
> > Is there any simple way to calculate the total length (in bytes) of all tcp
> > packets in a tcpdump file? I mean, is it possible that I can do this by
> > adding some options to tcpdump?
> >
> > WC
> >
> > -
> > This is the TCPDUMP workers list. It is archived at
> > http://www.tcpdump.org/lists/workers/index.html
> > To unsubscribe use mailto:tcpdump-workers-[EMAIL PROTECTED]
> 
> 
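Added example, not part of the original thread: the "len"/"length:" value that tcpdump -v prints for an IPv4 packet is the IP header's total-length field, while each record in the capture file also stores the length of the whole frame, link-layer header included, so the two sums measure different things. This Python code computes both totals for the TCP packets in a classic Ethernet pcap; the function names and the three-packet capture are constructed for illustration.

```python
import struct

ETH_HDR, ETHERTYPE_IPV4, PROTO_TCP = 14, 0x0800, 6

def pcap_totals(data):
    """Return (tcp_packets, wire_bytes, ip_bytes) for a classic Ethernet pcap."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"                                   # little-endian capture
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"                                   # big-endian capture
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) is handled")
    off, packets, wire, ip = 24, 0, 0, 0            # 24-byte global header
    while off + 16 <= len(data):
        # Record header: ts_sec, ts_usec, captured length, original length
        _, _, incl_len, orig_len = struct.unpack(end + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < ETH_HDR + 20:
            continue                                # too short for an IPv4 header
        if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
            continue
        if frame[ETH_HDR + 9] != PROTO_TCP:
            continue                                # same effect as the "tcp" filter
        packets += 1
        wire += orig_len                            # whole frame, link header included
        ip += struct.unpack("!H", frame[ETH_HDR + 2:ETH_HDR + 4])[0]  # IP total length
    return packets, wire, ip

def _frame(ip_len, proto=PROTO_TCP):
    """Constructed Ethernet+IPv4 frame with a zero-filled payload."""
    eth = b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4)
    iph = struct.pack("!BBHHHBBH4s4s", 0x45, 0, ip_len, 0, 0, 64, proto, 0,
                      bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return eth + iph + b"\x00" * (ip_len - 20)

def sample_pcap():
    """Constructed capture: two TCP packets and one UDP packet."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in (_frame(40), _frame(60), _frame(48, proto=17)):
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    n, wire, ip = pcap_totals(sample_pcap())
    print(f"{n} TCP packets: {wire} bytes on the wire, {ip} bytes by IP total length")
```

On the constructed capture the two totals differ by exactly 14 bytes per TCP packet, the Ethernet header that the IP total-length field does not count.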
