tcpdump mailing list archives
Script or code to parse and breakdown tcpdump expressions
From: Vini <vini () fugspbr org>
Date: Thu, 20 Oct 2011 02:59:26 +1100
Hi All,

I was wondering if anyone here has a script or any kind of code that is able to parse tcpdump expressions and break them down to produce a text file with the results.

I have a bunch of fairly large expressions that have mostly IP addresses and ports; some of these addresses belong to the same OR block which ANDs with a port or ports. Something like the below, but some of them will have more than 50 addresses.

((1.1.1.1 or 2.2.2.2 or 3.3.3.3) and port 80) or ((5.5.5.5 or 6.6.6.6) and (port 443 or 8080))

Ideally I would like to be able to produce something like the below:

1.1.1.1,80
2.2.2.2,80
3.3.3.3,80
5.5.5.5,443
5.5.5.5,8080
6.6.6.6,443
6.6.6.6,8080

Any help will be greatly appreciated.

Regards,
Vini
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
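An added example, not part of the original post or of tcpdump: a small Python parser for the subset of filter syntax used in the message above (IPv4 addresses, `host`, `port`, `and`/`or`, parentheses) that expands an expression into host,port rows. The names `parse`, `primary`, `expand` and `POSTED`, the rule that a bare number is a port and a bare dotted quad is a host, and the `*` printed for a missing side are assumptions of this example; `and` and `or` are given equal precedence, left to right, as the pcap-filter manual describes.

```python
import re
from itertools import product

TOKEN = re.compile(r"\(|\)|[^\s()]+")
IPV4 = re.compile(r"\d{1,3}(\.\d{1,3}){3}")
# Expression quoted in the post above.
POSTED = ("((1.1.1.1 or 2.2.2.2 or 3.3.3.3) and port 80) or "
          "((5.5.5.5 or 6.6.6.6) and (port 443 or 8080))")

def parse(tokens):
    """expr := primary (('and'|'or') primary)*, equal precedence, left to right."""
    terms = primary(tokens)
    while tokens and tokens[0] in ("and", "&&", "or", "||"):
        op = tokens.pop(0)
        rhs = primary(tokens)
        if op in ("or", "||"):
            terms = terms + rhs  # alternation: keep both sets of terms
        else:  # conjunction: merge every left term with every right term
            terms = [(h1 | h2, p1 | p2)
                     for (h1, p1), (h2, p2) in product(terms, rhs)]
    return terms

def primary(tokens):
    """A parenthesised expression, 'host X', 'port N', or a bare address/number."""
    if not tokens:
        raise ValueError("unexpected end of expression")
    tok = tokens.pop(0)
    if tok == "(":
        terms = parse(tokens)
        if not tokens or tokens.pop(0) != ")":
            raise ValueError("missing ')'")
        return terms
    kind = None
    if tok in ("host", "port") and tokens:
        kind, tok = tok, tokens.pop(0)
    # Assumption: a bare number is a port, anything else bare is a host.
    kind = kind or ("port" if tok.isdigit() else "host")
    if kind == "port" and tok.isdigit() and int(tok) <= 65535:
        return [(frozenset(), frozenset([int(tok)]))]
    if kind == "host" and IPV4.fullmatch(tok):
        return [(frozenset([tok]), frozenset())]
    raise ValueError(f"unsupported primitive {tok!r}")  # e.g. 'not', 'net'

def expand(expression):
    """Return de-duplicated 'host,port' rows in the order the terms appear."""
    tokens = TOKEN.findall(expression.lower())
    terms = parse(tokens)
    if tokens:
        raise ValueError(f"unexpected token {tokens[0]!r}")
    rows = [f"{h},{p}" for hosts, ports in terms
            for h, p in product(sorted(hosts) or ["*"], sorted(ports) or ["*"])]
    return list(dict.fromkeys(rows))

if __name__ == "__main__":
    print("\n".join(expand(POSTED)))
```

Anything outside this subset (`not`, `net`, `src`/`dst`, port ranges) raises `ValueError` rather than being silently dropped, so an expression that was not fully understood never yields a partial list.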