Re: tcpdump filtering query

[José María González <chema () cs berkeley edu>]

Andrew, 

if you want tcpdump to only print specific fields, 
you may want to take a look at ipsumdump. 

http://www.icir.org/kohler/ipsumdump/

Regards. 
-Chema



Andrew Gebhardt wrote:
> Hello,
>
> I am sorry you bother members of this mailing list but I have a question
> regarding the best way to certain filter fields out of standard tcpdump
> output (ascii format).
>
> Currently, I use the awk command to remove certain fields from the tcpdump
> output file.  For example:
>
> cat tcpdumpfile | awk -F. '{print
> $1"."$2"."$3"."$4"."$5,$6"."$7"."$8"."$9,$10}' | awk -F" " '{print
> $1,$2,$3,$5,$6,$7}' | awk -F: '{print $1$2}' > output
>
> Is there a way to filter fields using an expression with the tcpdump
> command?  Or is there a more efficient method of filtering fields out of the
> tcpdump output than using awk?
>
> Any comments would be greatly appreciated,
>
> Andrew Gebhardt
>
> ajgebha () omnisig com
> ajgebha () hotmail com
> 65 Lakefront Drive
> Hammonds Plains, Nova Scotia
> B4B 1L4
> (902) 832-5421
>
> -
> This is the TCPDUMP workers list. It is archived at
> http://www.tcpdump.org/lists/workers/index.html
> To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe