tcpdump mailing list archives

Re: Tools for stripping parts of a pcap file?

From: Luis Martin Garcia <luis.mgarc () gmail com>
Date: Sun, 13 May 2007 17:59:48 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Well, you can open your pcap file with Wireshark (ethereal), select
the packets you want using the filter and saving them using the
standard "save as" option.

Is it enough or you need something more "scriptable" that can be done
from the command-line?


Luis,

sthaug () nethelp no wrote:

Does anybody know of a good tool for stripping parts of the packets in
a pcap file? Say I have a pcap file containing GRE encapsulated info,
and I want to strip the outer IP + GRE headers and leave the rest,
writing out the result to another (valid) pcap file - which should of
course be readable by tcpdump and other libpcap-based tools.

Steinar Haug, Nethelp consulting, sthaug () nethelp no
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGR0QEMi/lqD03xGARAvebAJ9orSznaLri5dbN9u6udq2q6cb4/gCfcChH
pvLTvQr9axwJ0fW05EopXdk=
=n4c7
-----END PGP SIGNATURE-----

-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.

Current thread:

Tools for stripping parts of a pcap file? sthaug (May 13)
- Re: Tools for stripping parts of a pcap file? Luis Martin Garcia (May 13)
  - Re: Tools for stripping parts of a pcap file? Guy Harris (May 13)
  - Re: Tools for stripping parts of a pcap file? sthaug (May 13)
    - Re: Tools for stripping parts of a pcap file? Luis Martin Garcia (May 13)
    - Re: Tools for stripping parts of a pcap file? Bruce M. Simpson (May 13)