tcpdump mailing list archives

Re: tcpdump reassembly (imp)

From: "Steve Bonds" <pow7yec02 () sneakemail com>
Date: Thu, 1 May 2003 14:00:51 -0700 (PDT)

On Thu, 1 May 2003, Vaidehi Kasarekar vaidehi_30-at-yahoo.com |TCPdump Workers| wrote:

I have got a tcpdump capture file. (Packets captured
by tcpdump -w option). 
I want to know if there is any program/code/utility
which will use tcp connection management and
reassemble all the TCP conections.


Depending on what you mean by "reassemble" you could use "tcptrace".  You
can get more information from:

http://irg.cs.ohiou.edu/software/tcptrace/tcptrace.html

My most common usage:

"tcptrace -l <tcpdump file>"
Prints lots of statistics on each TCP connection found in the dump file

"tcptrace -e -O<connection number> <tcpdump file>"
Extract the contents of a single TCP connection

I may have the syntax on that second one wrong, so double check.

  -- Steve


-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe

Current thread:

tcpdump reassembly (imp) Vaidehi Kasarekar (May 01)
- Re: tcpdump reassembly (imp) Steve Bonds (May 01)
- libpcap question. Matt Comb (May 13)