tcpdump mailing list archives

Re: Translation of IP addresses in a tcpdump file.


From: John Fastabend <jfastabe () up edu>
Date: Wed, 28 May 2003 22:47:09 -0700 (PDT)

Hello,

If you have a *nix OS, take a look at sed; it should be able to do what you 
are talking about (#man sed    for the documentation). This should work for you; 
maybe I'm off base, though.

 On Wed, 28 May 2003, Vaidehi Kasarekar wrote:

Hello,

  I want to edit a tcpdump file. I want to replace
some addresses with some other addresses and delete the
rest of the addresses present in the tcpdump file. I did a
considerable amount of research on the available
tools. I found netdude useful, but netdude does not
support large files. My tcpdump files are very large.
I did not find any other tools that could translate
these IP addresses.

  I am aware that all the tools use the libpcap APIs.
The alternative to my problem would be to write code
which will read the tcpdump file, get it in a buffer,
search for the IP addresses to be replaced, and replace them
with different IP addresses.

This is a very preliminary step of my research and I
am a java-girl. I am not that comfortable with the
libpcap format. My research depends on this step. I am
not even sure of how difficult this task can be. This
is a very important step for me.

Has anybody had this problem earlier? Can I find
some code/references to do this?

Any pointers or hints in this direction will be very
useful.

Thanks
-Vaidehi

-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe


-- 
--
"Dependence on computers is apparently making a significant fraction
of the population incurably stupid." -- Fritz Whittington
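
The approach described in the quoted question (read the capture, find the addresses, replace them), as an added example that is not code from either poster or from the tcpdump project. It assumes a classic little- or big-endian pcap file with Ethernet framing and untagged IPv4, and it assumes a packet is dropped unless both of its addresses are in the mapping; `rewrite_pcap`, `make_packet` and `make_pcap` are hypothetical names, and the sample packets are constructed.

```python
import socket, struct

def ip_checksum(header: bytes) -> int:
    """RFC 1071 checksum; pass the header with its checksum field zeroed."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def rewrite_pcap(src, dst, mapping):
    """Stream a pcap from src to dst one record at a time, so file size does not
    matter. Assumption: keep a packet only if both its addresses are mapped."""
    table = {socket.inet_aton(a): socket.inet_aton(b) for a, b in mapping.items()}
    ghdr = src.read(24)                   # global header: magic ... link type
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(ghdr[:4])
    if end is None or struct.unpack(end + "I", ghdr[20:24])[0] != 1:
        raise ValueError("expected classic pcap with Ethernet link type")
    dst.write(ghdr)
    kept = 0
    while len(rhdr := src.read(16)) == 16:        # per-record header
        caplen = struct.unpack(end + "I", rhdr[8:12])[0]
        pkt = bytearray(src.read(caplen))
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
            continue                      # truncated or not IPv4 (VLAN tags not handled)
        ihl = (pkt[14] & 0x0F) * 4
        src_ip, dst_ip = bytes(pkt[26:30]), bytes(pkt[30:34])
        if ihl < 20 or len(pkt) < 14 + ihl or src_ip not in table or dst_ip not in table:
            continue
        pkt[26:30], pkt[30:34] = table[src_ip], table[dst_ip]
        pkt[24:26] = b"\x00\x00"          # zero the checksum, then recompute it
        pkt[24:26] = struct.pack("!H", ip_checksum(bytes(pkt[14:14 + ihl])))
        dst.write(rhdr + pkt)
        kept += 1
    return kept

def make_packet(src_ip, dst_ip):
    """Constructed sample: zeroed MACs + bare 20-byte IPv4 header (protocol 253)."""
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 253, 0,
                               socket.inet_aton(src_ip), socket.inet_aton(dst_ip)))
    ip[10:12] = struct.pack("!H", ip_checksum(bytes(ip)))
    return bytes(12) + b"\x08\x00" + bytes(ip)

def make_pcap(packets):
    """Constructed sample: little-endian pcap 2.4 file, link type 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for p in packets:
        out += struct.pack("<IIII", 0, 0, len(p), len(p)) + p
    return out
```

Only the IPv4 header checksum is recomputed. TCP and UDP checksums also cover the addresses through the pseudo-header, so they will no longer verify after the rewrite unless they are recomputed as well.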
