Wireshark mailing list archives
Re: Scripts for filtering a directory file captures to only include specific Subnet packets in new files in a new directory
From: Phil_Deming () mechanicsbank com
Date: Fri, 1 Oct 2010 04:13:20 -0700
Your rapid reply shocked me. It's 3:30am here.

The same results outside of the script from command line:

    tcpdump -r core2_04322.pcap src net172.16.22.173 dst net 192.168.12.22>>filtered.pcap

The result is:

    "tcpdump -r core2_04322.pcap src net172.16.22.173 dst net 192.168.12.22>>filtered.pcap: Permission denied"

Inside the Script named "project3" and chmod to 755. ls -al shows me root is the owner of all .pcap files and they are chmod 777.

I run:

    sudo ./project3

    for file in /traces3/*;do
    tcpdump -r$file src net172.16.22.173/x dst net 192.168.12.22/y>> $file.filtered
    done

I get:

    tcpdump: /traces3/core2_04320.pcap: Permission denied
    tcpdump: /traces3/core2_04321.pcap: Permission denied
    tcpdump: /traces3/core2_04322.pcap: Permission denied
    tcpdump: /traces3/core2_04323.pcap: Permission denied

Re: [Wireshark-users] Scripts for filtering a directory file captures to only include specific Subnet packets in new files in a new directory
Estanislao Gonzalez to: Phil_Deming 10/01/2010 03:48 AM
Cc: wireshark-users

Well apparently it should: http://ubuntuforums.org/showthread.php?t=527976
What's the error exactly, and does tcpdump break when run only inside the script or always?

On 10/01/2010 12:44 PM, Phil_Deming () mechanicsbank com wrote:

Thanks for staying with me. I did sudo. Is that not good enough?

Re: [Wireshark-users] Scripts for filtering a directory file captures to only include specific Subnet packets in new files in a new directory
Estanislao Gonzalez to: Phil_Deming 10/01/2010 03:08 AM
Cc: wireshark-users

As far as I know you need to be root to run tcpdump, and it's not because of the program but because the program needs to access the kernel.

On 09/30/2010 10:58 PM, Phil_Deming () mechanicsbank com wrote:

Estani, thank you so much for getting me started. That was Great Help! but now:

The Script ran perfectly with the obvious changes needed! I knew the Script was working, B U T, tcpdump comes back with Permission Denied. I chmod to 777 and 755 with no effect. I ran it on Ubuntu 9.10 and 10.04, same results. I googled it and did the 9.04 fix and it didn't fix it.

    (aa-complain /usr/sbin/tcpdump - This will change it to complain)
    (aa-enforce /usr/sbin/tcpdump - This will re-enable the AppArmor profile for tcpdump)

When I changed the Script to use tshark it ran perfectly and gave good results. What do I do to fix tcpdump on Ubuntu?

Re: [Wireshark-users] Scripts for filtering a directory file captures to only include specific Subnet packets in new files in a new directory
Phil Deming to: Estanislao Gonzalez 09/29/2010 09:25 AM

Thanks. I'll try it now.
Phil

Re: [Wireshark-users] Scripts for filtering a directory file captures to only include specific Subnet packets in new files in a new directory
Estanislao Gonzalez to: Community support list for Wireshark 09/29/2010 07:42 AM
Cc: Phil_Deming

From: Estanislao Gonzalez <estanislao.gonzalez () zmaw de>
To: Community support list for Wireshark <wireshark-users () wireshark org>
Cc: Phil_Deming () mechanicsbank com

Hi Phil,

I think you could use something like:

    for file in second_dir/*; do
        tcpdump -r $file src net a.a.a.a/x dst net b.b.b.b/y>>$file.filtered
    done

You could join all resulting files for a given amount of time with tcpslice if that simple append does not do the trick. I haven't tested this out, but it should give you a clue as to where to go from this point.

Cheers,
Estani

On 09/29/2010 12:04 AM, Phil_Deming () mechanicsbank com wrote:

I am running Ubuntu 9.10 Server and am collecting packets with TShark 1.4 from about 40 Subnets (Offices) traversing my aggregation Subnet (the Datacenter). There are 9000 64meg files collected per day before overwriting begins. When a Network question arises, I copy the 1 to 3 hours of files to a 2nd Directory so that they won't be overwritten later. That's about 180+ 64 meg files.

I need to filter all of the files in the 2nd Directory to create new files only containing packets from 1 to 4 transmitting or receiving Subnets. I need all of the IPs from each subnet.

Next, want to see the "Top Talkers" during this period. That should be the easy part.

I presume grep, bash, awk, editcap, tshark, tcpdump are the tools. Can someone get me started with some scripts / examples?

We commit our personal best to you, every day! The information transmitted may contain confidential material and is intended only for the person or entity to which it is addressed. Any review, retransmission, dissemination or other use of or taking of any action by persons or entities other than the intended recipient is prohibited. If you are not the intended recipient, please delete the information from your system and contact the sender.

--
Estanislao Gonzalez
Max-Planck-Institut für Meteorologie (MPI-M)
Deutsches Klimarechenzentrum (DKRZ) - German Climate Computing Centre
Room 108 - Bundesstrasse 45a, D-20146 Hamburg, Germany
Phone: +49 (40) 46 00 94-126
E-Mail: estanislao.gonzalez () zmaw de
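
A variant of the per-file loop discussed in this thread, as an added example that is not part of the original messages: it writes pcap output with tcpdump's -w option instead of appending the decoded text with ">>", keeps packets to or from any of the listed subnets, and skips captures the current user cannot read. The function names, directory arguments and subnet values are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread. Directories and subnets are
# supplied by the caller; nothing here is specific to the poster's system.

# build_filter NET... -> capture filter matching packets to OR from any NET.
# Only digits, dots and "/" are accepted, so an argument cannot add
# extra filter keywords to the expression.
build_filter() {
    expr_out=""
    for net in "$@"; do
        case "$net" in
            *[!0-9./]*|"") echo "bad subnet: $net" >&2; return 1 ;;
        esac
        expr_out="${expr_out:+$expr_out or }net $net"
    done
    [ -n "$expr_out" ] || return 1
    printf '%s\n' "$expr_out"
}

# filter_dir SRC_DIR DST_DIR NET...
# Writes DST_DIR/<name>.filtered.pcap for each readable SRC_DIR/*.pcap and
# prints the number of files written.
filter_dir() {
    src_dir=$1; dst_dir=$2; shift 2
    bpf=$(build_filter "$@") || return 1
    mkdir -p "$dst_dir" || return 1
    count=0
    for f in "$src_dir"/*.pcap; do
        # Report unreadable inputs by name instead of failing per file.
        [ -r "$f" ] || { echo "skip (unreadable): $f" >&2; continue; }
        out="$dst_dir/$(basename "$f" .pcap).filtered.pcap"
        # -w keeps the packets in pcap format; redirecting stdout would
        # store only tcpdump's one-line text summaries.
        tcpdump -n -r "$f" -w "$out" "$bpf" || { echo "tcpdump failed: $f" >&2; continue; }
        count=$((count + 1))
    done
    echo "$count"
}

# Run only when arguments are given: SRC_DIR DST_DIR NET [NET...]
if [ "$#" -ge 3 ]; then
    filter_dir "$@"
fi
```

The per-file outputs are regular capture files, so they can be opened in Wireshark or fed to tshark for the "Top Talkers" step.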