Re: Tcpdump: ASCII -> binary trace conversion,any tools?

["Martin Regner" <martin.regner () chello se>]

> Thank you very much for your kind reply.  The difficulty in my case is
> that I only have access to TCPDUMP's ASCII output, the "playback" of a
> pcap trace, of the following form:
>
> ...
> 1068290793.846948 X.X.X.X.Y > X.X.X.X.Y: udp 116 (DF) (ttl 46, id 0, len
> 144)
> 1068290793.851850 X.X.X.X.Y > X.X.X.X.Y: P [tcp sum ok]
> 723881836:723881848(12) ack 2144666878 win 57848 <nop,nop,timestamp
> 2895874309 1272161798> (DF) (ttl 42, id 42545, len 64)
> ...
>
> which I must convert back into the original, binary libpcap trace.  It
> is admittedly a bit different from converting a hex pcap dump.
>
> Would you happen to know of any tools that could help me?


Hi,

If it is just one line per frame then I think that it is impossible to get
the information back to a tcpdump file.

There is so much infomation lost from the original capture file to the
summary printout of 1 line per packet, so
it is normally not possible to recreate the original capture file from the
printout in that case.





-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe