Security Basics mailing list archives
RE: tcpdump output
From: "Vogels, Mark" <mvogels () amgen com>
Date: Mon, 6 Nov 2006 14:03:28 -0800
Dear Francois,

You should be able to do such a thing using wireshark (formerly known as ethereal) and editcap (distributed with wireshark). I'm not able to double-check it at this time, but wireshark has some powerful filtering options. If that doesn't work, you can always select the range of packets you want and store them in a different capture file.

With kind regards,
Mark Vogels

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Francois Yang
Sent: Monday 6 November 2006 18:01
To: security-basics () lists securityfocus com
Subject: tcpdump output

I'm trying to get tcpdump to only show me the events that happened for one day and have that result put into a new tcpdump file. I have a file called logfile and I had snort log to it in tcpdump format over the weekend. Now I want to only show the events for Sat Nov 4. I can do "tcpdump -ttttr logfile | grep "2006-11-04"" and it will show me what I want. But I want this output to be put back into a tcpdump file so I can do some analysis. How can I do that? If I do a "tcpdump -ttttr logfile | grep "2006-11-04" >> newlogfile", it will put the info into the new file, but it won't be in the tcpdump format anymore and I won't be able to do stuff with it besides reading it in the format it was dumped. Any suggestions? Any way to do it with snort? Or am I stuck with what I get now?

Thank you.

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
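Editor's note on the exchange above. The reason the grep approach fails is that "tcpdump -r ... | grep" turns binary pcap records into text; the fix is to select records by timestamp while keeping the file format. With the tools named in Mark's reply that is a one-liner: editcap -A "2006-11-04 00:00:00" -B "2006-11-05 00:00:00" logfile newlogfile keeps only the packets whose timestamps fall in that window and writes a new capture. The script below is an added example, not code from either poster, that does the same job by hand so the file layout is visible: it parses the classic libpcap format that tcpdump -w and snort's binary logging produce, keeps the records from one calendar day, and writes the global header and the surviving record headers back unchanged, so tcpdump, snort or wireshark can open the result. The file name pcapday.py, the function names and the four-packet sample capture are assumptions constructed for this example; the tolerance for a truncated trailing record covers the common case of a logger killed mid-write.

```python
"""Extract one calendar day of packets from a libpcap file into a new pcap file.

Added example, not code from the thread. Handles both pcap byte orders,
microsecond and nanosecond magic numbers, and a truncated final record.
"""
import struct
import sys
from datetime import date, datetime, timedelta, timezone

PCAP_MAGIC_US = 0xA1B2C3D4   # timestamps are seconds + microseconds
PCAP_MAGIC_NS = 0xA1B23C4D   # timestamps are seconds + nanoseconds
GLOBAL_HDR_LEN = 24          # magic, version, thiszone, sigfigs, snaplen, linktype
RECORD_HDR_LEN = 16          # ts_sec, ts_frac, incl_len, orig_len


def detect_byte_order(magic_bytes):
    """Return the struct byte-order prefix ('<' or '>') for a pcap magic number."""
    for order in ("<", ">"):
        magic = struct.unpack(order + "I", magic_bytes)[0]
        if magic in (PCAP_MAGIC_US, PCAP_MAGIC_NS):
            return order
    raise ValueError("not a libpcap file: bad magic %r" % (magic_bytes,))


def iter_records(data):
    """Yield (record header bytes, packet bytes, ts_sec) for each record in a pcap buffer.

    A capture still being written when the logger died may end in a truncated
    record; that tail is dropped rather than raising.
    """
    order = detect_byte_order(data[:4])
    pos = GLOBAL_HDR_LEN
    while pos + RECORD_HDR_LEN <= len(data):
        hdr = data[pos:pos + RECORD_HDR_LEN]
        ts_sec, _ts_frac, incl_len, _orig_len = struct.unpack(order + "IIII", hdr)
        end = pos + RECORD_HDR_LEN + incl_len
        if end > len(data):
            break                       # truncated final record
        yield hdr, data[pos + RECORD_HDR_LEN:end], ts_sec
        pos = end


def filter_day(data, day, tz=timezone.utc):
    """Return (new pcap bytes, packets kept) for the packets captured on `day`.

    The window is midnight to midnight in `tz`. tcpdump -tttt prints local
    time, so pass the host's zone (datetime.now().astimezone().tzinfo) to
    reproduce what a grep on its output selected.
    """
    midnight = datetime.combine(day, datetime.min.time(), tzinfo=tz)
    start, end = midnight.timestamp(), (midnight + timedelta(days=1)).timestamp()
    out = [data[:GLOBAL_HDR_LEN]]       # copy the global header verbatim
    kept = 0
    for hdr, pkt, ts_sec in iter_records(data):
        if start <= ts_sec < end:
            out.append(hdr)             # record header copied verbatim too
            out.append(pkt)
            kept += 1
    return b"".join(out), kept


def extract_day_file(src, dst, day, tz=timezone.utc):
    """Read pcap `src`, write the packets from `day` to pcap `dst`, return the count."""
    with open(src, "rb") as f:
        pcap, kept = filter_day(f.read(), day, tz)
    with open(dst, "wb") as f:
        f.write(pcap)
    return kept


FRAME = bytes(14)   # a zeroed Ethernet header stands in for packet data in the sample


def build_sample_pcap(times, order="<"):
    """Construct a tiny Ethernet pcap with one dummy frame per timestamp (sample data)."""
    hdr = struct.pack(order + "IHHiIII", PCAP_MAGIC_US, 2, 4, 0, 0, 65535, 1)
    recs = [struct.pack(order + "IIII", int(t.timestamp()), 0, len(FRAME), len(FRAME)) + FRAME
            for t in times]
    return hdr + b"".join(recs)


def demo():
    """Filter a constructed weekend capture for 2006-11-04 (UTC) and report what survives."""
    utc = timezone.utc
    times = [datetime(2006, 11, 3, 23, 59, 59, tzinfo=utc),   # Friday, excluded
             datetime(2006, 11, 4, 0, 0, 0, tzinfo=utc),      # first second of Saturday
             datetime(2006, 11, 4, 12, 0, 0, tzinfo=utc),     # Saturday noon
             datetime(2006, 11, 5, 0, 0, 0, tzinfo=utc)]      # Sunday, excluded
    results = {}
    for order in ("<", ">"):            # both byte orders are valid pcap files
        pcap, kept = filter_day(build_sample_pcap(times, order), date(2006, 11, 4))
        results[order] = (kept, [sec for _h, _p, sec in iter_records(pcap)])
    # a file cut off mid-record (logger killed while writing) loses only that tail
    cut = build_sample_pcap(times)[:-(RECORD_HDR_LEN + len(FRAME) + 5)]
    results["truncated"] = filter_day(cut, date(2006, 11, 4))[1]
    return results


if __name__ == "__main__":
    # usage: python pcapday.py logfile newlogfile 2006-11-04
    src, dst, day = sys.argv[1], sys.argv[2], date.fromisoformat(sys.argv[3])
    print("kept %d packets" % extract_day_file(src, dst, day, datetime.now().astimezone().tzinfo))
```

Two points worth checking against a real capture: the global header's thiszone field is almost always zero, so the record timestamps are UTC and the day boundary is a timezone decision made by the reader, which is why filter_day takes tz explicitly; and because the snort log was still being appended to, a partial trailing record is expected rather than a sign of corruption, so the reader stops at it instead of failing the whole extraction.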
Current thread:
- tcpdump output Francois Yang (Nov 06)
- Re: tcpdump output Chris Buckley (Nov 07)
- Re: tcpdump output Isaac Perez (Nov 07)
- <Possible follow-ups>
- RE: tcpdump output Vogels, Mark (Nov 07)