Security Basics mailing list archives

Re: tcpdump output


From: Isaac Perez <suscripcions () tsolucio com>
Date: Tue, 07 Nov 2006 19:07:12 +0100

Try this perl script:
http://www.badpenguin.co.uk/main/content/view/46/2/
Maybe you'll find this tool useful too:
http://sourceforge.net/projects/tcpreplay/

On Mon, 06-11-2006 at 10:57 -0600, Francois Yang wrote:
I'm trying to get tcpdump to only show me the events that happened for
one day and have that result put into a new tcpdump file.
I have a file called logfile and I had snort log to it in tcpdump format
over the weekend.
Now I want to only show the events for Sat Nov 4.
I can do "tcpdump -ttttr logfile | grep  "2006-11-04"" and it will
show me what I want.
But I want this output to be put back into a tcpdump file so I can do
some analysis.
How can I do that? If I do a "tcpdump -ttttr logfile | grep
"2006-11-04" >> newlogfile"
It will put the info into the new file, but it won't be in the tcpdump
format anymore and I won't be able to do stuff with it besides reading
it in the format it was dumped.
Any suggestions? Any way to do it with snort? Or am I stuck with what I get now?

Thank you.

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
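
The filtering asked about in this thread, as an added example (not code from the thread or from the linked tools): it copies only the packets whose capture timestamp falls on one calendar day into a new file that is still a valid tcpdump capture. It assumes the classic libpcap file format with microsecond timestamps and uses UTC day boundaries by default; `tcpdump -tttt` prints local time, so pass a different `tz` to match it. The function names and the sample capture are constructed for illustration.

```python
import io
import struct
from datetime import datetime, timedelta, timezone

PCAP_MAGIC = 0xA1B2C3D4  # classic libpcap file, microsecond timestamps

def filter_pcap_by_day(src, dst, day, tz=timezone.utc):
    """Copy packets captured on `day` (YYYY-MM-DD in tz) from src to dst.
    src/dst are binary file objects; returns the number of packets kept."""
    start = datetime.strptime(day, "%Y-%m-%d").replace(tzinfo=tz)
    lo = int(start.timestamp())
    hi = int((start + timedelta(days=1)).timestamp())
    ghdr = src.read(24)
    if len(ghdr) != 24:
        raise ValueError("truncated pcap global header")
    # The magic number reveals the byte order the capture was written in.
    if struct.unpack("<I", ghdr[:4])[0] == PCAP_MAGIC:
        endian = "<"
    elif struct.unpack(">I", ghdr[:4])[0] == PCAP_MAGIC:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    dst.write(ghdr)  # link type and snaplen stay unchanged
    kept = 0
    while True:
        rhdr = src.read(16)
        if len(rhdr) < 16:  # clean EOF or truncated trailing header
            break
        ts_sec, _usec, incl_len, _orig = struct.unpack(endian + "IIII", rhdr)
        data = src.read(incl_len)
        if len(data) < incl_len:  # capture cut off mid-packet
            break
        if lo <= ts_sec < hi:
            dst.write(rhdr + data)
            kept += 1
    return kept

def build_sample():
    """Constructed capture: one packet each on Nov 3, 4 and 5, 2006 (UTC)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    for d in (3, 4, 5):
        ts = int(datetime(2006, 11, d, 12, tzinfo=timezone.utc).timestamp())
        payload = bytes([d]) * 60
        out += struct.pack("<IIII", ts, 0, len(payload), len(payload)) + payload
    return out

if __name__ == "__main__":
    result = io.BytesIO()
    print(filter_pcap_by_day(io.BytesIO(build_sample()), result, "2006-11-04"))
```

To use it on real files, open the capture and the output with `open(path, "rb")` and `open(path, "wb")` and pass them as `src` and `dst`.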

