On Tue, Jul 03, 2001 at 03:40:03PM -0700, Joe Amici wrote:
> So, effectively is there a way to split the savefile
> into smaller savefiles (also binary) based on some
> filtering criterion ?
tcpdump -r {original savefile} -w {other savefile} {filter expression}
will read the original savefile and write to another savefile the
packets matched by the filter expression, e.g.
tcpdump -r big-capture -w arp-from-big-capture arp
will write to "arp-from-big-capture" those packets from "big-capture"
that are ARP packets.
The filtering criterion must be a filter expression of the sort
supported by tcpdump.
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
