tcpdump mailing list archives
Re: gzip and tcpdump...
From: <arbon () elxsi de>
Date: Thu, 27 Feb 2003 06:34:11 +0100 (CET)
Attached is are the patched version of libpcap-0.7.1 pcap.c and savefile.c. It gives libpcap/tcpdump the option to _read(only for now)_ gzipped files. uncompressed .pcap: [root@lektor tcpdump-3.7.1]# ./tcpdump -r /root/pcapdumps/zlip-3.pcap 18:49:41.123062 10.0.0.1.1024 > 146.84.28.88.domain: 65483[|domain] compressed .gz: [root@lektor tcpdump-3.7.1]# ./tcpdump -r /root/pcapdumps/zlip-1.pcap.gz 18:47:11.643199 10.0.0.1.1024 > 146.84.28.88.domain: 60777 Type49159 (Class 49168)? <LOOP>[|domain] No special option is needed! It should be also to add a writing gzip option, but i didn't coded it for now, maybe someone other will do it :-). The HAVE_LIBZ_SUPPORT define, should be set in the configure.in scripts of libpcap - in the patched versions i set it in the pcap.c and savefile.c per hand. To compile tcpdump you must add -lz to the linker. Maik
Attachment:
libpcap-0.7.1-gzip.tar.gz
Description:
Current thread:
- Re: gzip and tcpdump..., (continued)
- Re: gzip and tcpdump... Matt Bing (Feb 25)
- Re: gzip and tcpdump... Guy Harris (Feb 25)
- Re: gzip and tcpdump... Darren Reed (Feb 26)
- Re: gzip and tcpdump... Guy Harris (Feb 26)
- Re: gzip and tcpdump... John Hawkinson (Feb 26)
- Re: gzip and tcpdump... Matt Bing (Feb 26)
- Re: gzip and tcpdump... Guy Harris (Feb 25)
- Re: gzip and tcpdump... Matt Bing (Feb 25)
- Re: gzip and tcpdump... Rob Braun (Feb 25)
- RE: gzip and tcpdump... Fulvio Risso (Feb 25)