Security Basics mailing list archives

RE: tcpdump output


From: "Vogels, Mark" <mvogels () amgen com>
Date: Mon, 6 Nov 2006 14:03:28 -0800

Dear Francois,

You should be able to do such a thing using wireshark (formerly known as
ethereal) and editcap (distributed with wireshark). 
I'm not able to double-check it at this time, but wireshark has some powerful
filtering options. If that doesn't work, you can always select the range of
packets you want and store them in a different capture file.

With kind regards,

Mark Vogels
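
The approach Mark describes, selecting the packets you want and writing them to a new capture file instead of grepping text, as an added example that is not part of the original thread or of the tcpdump/wireshark projects: a stdlib-only Python tool that reads a libpcap file, keeps the records whose timestamp falls on one calendar day, and writes a file that tcpdump, snort and wireshark can still open. The reason `tcpdump -tttt | grep > file` fails is visible in the format: each record is a 16-byte binary header (seconds, fraction, captured length, original length) followed by the packet bytes, and the timestamp to filter on lives in that header, not in the printed text. The sample capture the block builds is constructed for the example; the epoch values in it are assumptions chosen to straddle midnight on 2006-11-04 UTC.

```python
"""Split a libpcap capture by calendar day, keeping the binary format intact.

Added example for this thread, not code from the original posts or from the
tcpdump/wireshark projects. Stdlib only; the sample capture is constructed here.
"""
import struct
from datetime import date, datetime, timezone

UTC = timezone.utc
GLOBAL_HDR_LEN = 24  # magic(4) ver_major(2) ver_minor(2) thiszone(4) sigfigs(4) snaplen(4) linktype(4)
REC_HDR_LEN = 16     # ts_sec(4) ts_frac(4) incl_len(4) orig_len(4)

# First four bytes of a pcap file -> struct byte-order prefix. The magic is written
# in the writer's native order, so both orders must be recognised. The 0xa1b23c4d
# variant means nanosecond fractions; this tool only compares whole seconds, so the
# fraction's unit does not matter to it.
_MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<",  # 0xa1b2c3d4, little-endian, microseconds
    b"\xa1\xb2\xc3\xd4": ">",  # 0xa1b2c3d4, big-endian
    b"\x4d\x3c\xb2\xa1": "<",  # 0xa1b23c4d, little-endian, nanoseconds
    b"\xa1\xb2\x3c\x4d": ">",  # 0xa1b23c4d, big-endian
}


def pcap_byte_order(data):
    """Return '<' or '>' for a pcap blob; raise ValueError if it is not pcap."""
    try:
        return _MAGICS[bytes(data[:4])]
    except KeyError:
        raise ValueError("not a libpcap file (bad magic): tcpdump's text output is not a capture")


def iter_records(data):
    """Yield (ts_sec, raw_record) per packet; raw_record is the header plus packet bytes."""
    rec_hdr = struct.Struct(pcap_byte_order(data) + "IIII")
    off = GLOBAL_HDR_LEN
    while off + REC_HDR_LEN <= len(data):
        ts_sec, _ts_frac, incl_len, _orig_len = rec_hdr.unpack_from(data, off)
        end = off + REC_HDR_LEN + incl_len
        if end > len(data):
            break  # final record truncated (capture interrupted mid-write); drop it
        yield ts_sec, data[off:end]
        off = end


def filter_pcap_by_day(data, day, tz=None):
    """Return a new pcap containing only the records stamped on `day`.

    `day` is a datetime.date or 'YYYY-MM-DD'. tz=None means local time, which is
    what `tcpdump -tttt` prints, so a grep of that output and this filter agree;
    pass a tzinfo (e.g. UTC) to select by another zone.
    """
    if isinstance(day, str):
        day = date.fromisoformat(day)
    kept = [rec for ts_sec, rec in iter_records(data)
            if datetime.fromtimestamp(ts_sec, tz).date() == day]
    # The 24-byte global header (snaplen, link type) is copied unchanged.
    return bytes(data[:GLOBAL_HDR_LEN]) + b"".join(kept)


def build_pcap(packets, order="<", linktype=1):
    """Construct a microsecond pcap from (ts_sec, payload) pairs (used for sample data)."""
    out = [struct.pack(order + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)]
    for ts_sec, payload in packets:
        out.append(struct.pack(order + "IIII", ts_sec, 0, len(payload), len(payload)) + payload)
    return b"".join(out)


# Constructed sample (assumed values): 2006-11-04 00:00:00 UTC is epoch 1162598400.
# One packet just before that midnight, two on Nov 4, one at the following midnight.
NOV4 = 1162598400
SAMPLE_PACKETS = [
    (NOV4 - 1,     b"\x00" * 60),   # Nov 3 23:59:59 UTC
    (NOV4 + 3600,  b"\x01" * 60),   # Nov 4 01:00:00 UTC
    (NOV4 + 86399, b"\x02" * 60),   # Nov 4 23:59:59 UTC
    (NOV4 + 86400, b"\x03" * 60),   # Nov 5 00:00:00 UTC
]


def sample_pcap(order="<"):
    """The constructed four-packet capture above, in the requested byte order."""
    return build_pcap(SAMPLE_PACKETS, order)


if __name__ == "__main__":
    import sys
    # usage: python split_pcap.py logfile 2006-11-04 newlogfile
    src, day_str, dst = sys.argv[1:4]
    with open(src, "rb") as f:
        blob = f.read()
    out = filter_pcap_by_day(blob, day_str)
    with open(dst, "wb") as f:
        f.write(out)
    print("kept %d of %d packets" % (sum(1 for _ in iter_records(out)),
                                     sum(1 for _ in iter_records(blob))))
```

Two caveats a practitioner should keep in mind. Day boundaries depend on the zone: `tcpdump -tttt` prints local time, so the default `tz=None` matches what the grep showed; pass `UTC` if the sensor's clock or policy is UTC. And a BPF expression cannot select on timestamps, so `tcpdump -r logfile -w newlogfile` alone will not do this, whereas Wireshark's editcap can from the shell (`editcap -A "2006-11-04 00:00:00" -B "2006-11-05 00:00:00" logfile newlogfile`; check your version's man page for the accepted time format and whether it reads the times as local or UTC), as can `tshark -r logfile -Y '<frame.time filter>' -w newlogfile`.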

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Francois Yang
Sent: maandag 6 november 2006 18:01
To: security-basics () lists securityfocus com
Subject: tcpdump output

I'm trying to get tcpdump to only show me the events that happened for one
day and have that result put into a new tcpdump file.
I have a file called logfile and I had snort log to it in tcpdump format over
the weekend.
Now I want to only show the events for Sat Nov 4.
I can do "tcpdump -ttttr logfile | grep "2006-11-04"" and it will show me
what I want.
But I want this output to be put back into a tcpdump file so I can do some
analysis.
How can I do that? If I do a "tcpdump -ttttr logfile | grep "2006-11-04" >>
newlogfile"
it will put the info into the new file, but it won't be in the tcpdump
format anymore and I won't be able to do stuff with it besides reading it in
the format it was dumped.
Any suggestions? Any way to do it with snort? Or am I stuck with what I get
now?

Thank you.

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has
designated Norwich University a center of Academic Excellence in Information
Security. Our program offers unparalleled Infosec management education and
the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
