tcpdump mailing list archives

Re: jump to a packet flag

From: Darren Reed <darrenr () reed wattle id au>
Date: Fri, 2 Jul 2004 09:58:24 +1000 (EST)

In some email I received from alex medvedev, sie wrote:

hallo,

any interest in having a -j flag in tcpdump?

the flag would simply jump over the specified number of packets.
it may be useful when reading dumps with -r flag.
it may also be useful in conjuction with -c flag to isolate certain
interval from a dump.

a callback function called spin() could added that would be invoked when a
-j flag is specified.
something like this:


I think you're better off over-using the '-c' command line option.

e.g.
tcpdump -c 100
    print the first 100 packets
tcpdump -c 100:
    print packets from 100 onwards
tcpdump -c 100:200
    print packets from 100 to 200
tcpdump -c 10:20,40:50
    or
tcpdump -c 10:20 -c 40:50
    print packets 10-20 and 40-50

but what would you want this to do:
tcpdump -c 1,3,5,7,9,11,13,15,17

should that automatically "fill out" to be:
tcpdump -c 1:1,3:3,5:5,7:7,9:9,11:11,13:13,15:15,17:17

or something else ?

Darren
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.

Current thread:

jump to a packet flag alex medvedev (Jul 01)
- Re: jump to a packet flag Guy Harris (Jul 01)
- Re: jump to a packet flag Darren Reed (Jul 01)