tcpdump mailing list archives

Re: tool to reorder packets of a pcap?


From: rixed () happyleptic org
Date: Wed, 6 Feb 2013 10:08:08 +0100

Many people suggested reordercap from wireshark 1.9.
Thank you, I was not aware of this tool.

But looking at the code, it seems that this program loads the whole pcap before
sorting it - this is not practical when the pcap is huge, as is often the case
for me.

So I wrote a small tool but unfortunately it will be very unpractical for
anyone else to use since it uses a badly packaged, unpolished library of mine
written in an alien technology[1]. It should be rewritten in C for max
usability. The idea is merely to do one single pass with a small buffer of N
packets that you can reorder, and check whether the buffer was enough to
completely sort the pcap (so that you can ask for another pass). There probably are
more intelligent ways to sort a stream inline, but this was enough for my need
(I record in a single pcap from several threads with a huge mmap buffer so the
packets are somewhat intermixed but not completely random).

[1]: http://github.com/rixed/robinet/blob/master/examples/pcap_reorder.ml
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
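
The single-pass approach described in the message above, as an added Python sketch (not the poster's OCaml tool and not code from wireshark or libpcap): a min-heap holds at most N packets, the oldest is written out whenever the buffer overflows, and the return value reports whether N was large enough. The names `read_records` and `reorder_pass` are hypothetical, and the code assumes a little-endian classic pcap file (not pcapng).

```python
import heapq
import struct

REC_HDR = struct.Struct("<IIII")  # ts_sec, ts_frac, incl_len, orig_len
MAGICS = (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1")  # usec / nsec, little-endian

def read_records(src):
    """Yield ((ts_sec, ts_frac), raw_record) from the stream after the global header."""
    while True:
        hdr = src.read(REC_HDR.size)
        if len(hdr) < REC_HDR.size:
            return  # end of file (or truncated trailing header)
        sec, frac, incl_len, _orig_len = REC_HDR.unpack(hdr)
        data = src.read(incl_len)
        if len(data) < incl_len:
            return  # truncated last packet: drop it
        yield (sec, frac), hdr + data

def reorder_pass(src, dst, window):
    """One pass with a buffer of `window` packets; True if the output is fully sorted."""
    ghdr = src.read(24)  # global header is copied through unchanged
    if len(ghdr) < 24 or ghdr[:4] not in MAGICS:
        raise ValueError("not a little-endian classic pcap file")
    dst.write(ghdr)
    heap, last, is_sorted = [], None, True

    def emit():
        nonlocal last, is_sorted
        ts, _seq, rec = heapq.heappop(heap)
        if last is not None and ts < last:
            is_sorted = False  # packet arrived more than `window` slots late
        last = ts
        dst.write(rec)

    for seq, (ts, rec) in enumerate(read_records(src)):
        heapq.heappush(heap, (ts, seq, rec))  # seq keeps equal timestamps stable
        if len(heap) > window:
            emit()
    while heap:
        emit()
    return is_sorted

if __name__ == "__main__":
    import io
    # Constructed sample: five 1-byte packets with slightly interleaved timestamps.
    cap = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sec in (10, 12, 11, 14, 13):
        cap += REC_HDR.pack(sec, 0, 1, 1) + b"\x00"
    for n in (0, 1):
        print(n, reorder_pass(io.BytesIO(cap), io.BytesIO(), n))
```

Memory use is bounded by `window` packets regardless of file size; a `False` result means the pass should be repeated with a larger window.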

