Re: pcap flow extraction

["SilentRunner" <silentrunner () hushmail com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

yeah, we get this problem in win32 all the time - notepad drops
it's knickers everytime it sees a large file and the OS almost
locks up waiting for a response.

To solve the problem I pre-process the file with scripts written in
VBScript. You can easily write a script to skim off the first few
kb of the file so you can work out the file format and then use
that to parse out the entire file, only writing out the bit's you
are interested in to a far smaller file.

Alternatively, you can have your script write out all the data in a
format that can be BCP'd into a DB that can handle big recordsets
and then run SELECT statements as you like to get the data out.

Cheers

SR


On Thu, 06 Dec 2007 07:35:42 +0000 "Ivan ." <ivanhec () gmail com>
wrote:
> Hi,
>
> Does anyone have any ideas for flow information extraction from a
> rather
> large pcap file, 6 gigs?
<snip>
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Charset: UTF8
Version: Hush 2.5

wpwEAQECAAYFAkdXrlcACgkQBGNKW24YMAfHKgP+NHbW8qhT3mtM7QjyNCAMX1PYLCGF
aEfPAvx0Fa+JLGS2bDwzgnCulSgQNABHzVk7zPBteM+yp8LKl3SyiadabBYKm4dmwIze
YtdcAsJn94JPkT6Ml8uJnB148lOru1RAgdWcP7Kdmx3oJLBRrxSYMmcyUwY9dStSQz1j
zW9OG58=
=YbLB
-----END PGP SIGNATURE-----


--
Get educated.  Click here for Adult Education programs.
http://tagline.hushmail.com/fc/Ioyw6h4eS1xh6WOPMnVv8VKZtrNsqBpZU6PQYAoUx0FOsJpzLnvaGk/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/