Re: tcpdump printout (machine readable vs. human

[Guy Harris <guy () alum mit edu>]

Jason Duan wrote:

> When I ran "tcpdump -r tcpdump.log", the output is more or less 
> "human readable" but it is not so good for machine reading (for 
> example extracting packet size etc). I am not sure if I am missing 
> something in the command line or tcpdump does not print in machine 
> readable format. (For example, the route_btoa for BGP updates could
> print both formats.)

Tcpdump doesn't print in any format designed specifically to be read by 
software rather than by people.

Tethereal:

        http://www.ethereal.com/

(the ".com" nonwithstanding, it's GPL'ed free software) can read 
libpcap-format captures (libpcap format is the native format of both 
tcpdump and Ethereal/Tethereal), and can write out files in PDML format:

        http://analyzer.polito.it/30alpha/docs/dissectors/PDMLSpec.htm

which might, in some ways, be more "machine-readable", in the sense that 
it's structured to be read by software rather than by people (although 
it's XML-based, so it requires some amount of machinery to read).
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.