Security Basics mailing list archives
Re: tcpdump output
From: Isaac Perez <suscripcions () tsolucio com>
Date: Tue, 07 Nov 2006 19:07:12 +0100
Try this Perl script: http://www.badpenguin.co.uk/main/content/view/46/2/

Maybe you'll find this tool useful too: http://sourceforge.net/projects/tcpreplay/

On Mon, 06-11-2006 at 10:57 -0600, Francois Yang wrote:
I'm trying to get tcpdump to only show me the events that happened for one day and have that result put into a new tcpdump file. I have a file called logfile and I had snort log to it in tcpdump format over the weekend. Now I want to only show the events for Sat Nov 4.

I can do "tcpdump -ttttr logfile | grep "2006-11-04"" and it will show me what I want. But I want this output to be put back into a tcpdump file so I can do some analysis. How can I do that?

If I do a "tcpdump -ttttr logfile | grep "2006-11-04" >> newlogfile" it will put the info into the new file, but it won't be in the tcpdump format anymore and I won't be able to do stuff with it besides reading it in the format it was dumped.

Any suggestions? Any way to do it with snort? Or am I stuck with what I get now?

Thank you.

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
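An added example, not part of the thread or of either linked tool: the text output of `tcpdump -tttt` cannot be turned back into a capture, but the capture file's records can be filtered on their own timestamps and copied verbatim into a new file that tcpdump and snort can still read. The sketch assumes a classic libpcap file (not pcapng); the function names and the `tz` parameter are hypothetical, with `tz` standing in for the local time zone that `-tttt` would print.

```python
import struct
from datetime import date, datetime, time, timedelta, timezone

# Classic libpcap magic as stored on disk -> struct byte-order prefix.
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",   # microsecond
          b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}   # nanosecond

def records(data: bytes):
    """Yield (ts_sec, raw_record) for each complete record in a classic pcap."""
    order = MAGICS.get(data[:4])
    if order is None or len(data) < 24:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    pos = 24                                    # skip the 24-byte global header
    while pos + 16 <= len(data):
        ts_sec, _frac, incl_len, _orig = struct.unpack_from(order + "IIII", data, pos)
        end = pos + 16 + incl_len
        if end > len(data):                     # truncated last record: stop
            return
        yield ts_sec, data[pos:end]
        pos = end

def filter_pcap_by_day(data: bytes, day: date, tz=timezone.utc) -> bytes:
    """Return a valid pcap holding only packets captured on `day` in zone `tz`."""
    start = datetime.combine(day, time.min, tzinfo=tz).timestamp()
    stop = datetime.combine(day + timedelta(days=1), time.min, tzinfo=tz).timestamp()
    kept = [raw for ts, raw in records(data) if start <= ts < stop]
    return data[:24] + b"".join(kept)           # header and records copied verbatim

def sample_pcap() -> bytes:
    """Constructed capture: three dummy 60-byte packets, timestamps given in UTC."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, dt in enumerate([datetime(2006, 11, 3, 23, 59, 59),
                            datetime(2006, 11, 4, 12, 0, 0),
                            datetime(2006, 11, 5, 0, 0, 0)]):
        sec = int(dt.replace(tzinfo=timezone.utc).timestamp())
        out += struct.pack("<IIII", sec, 0, 60, 60) + bytes([i]) * 60
    return out

if __name__ == "__main__":
    day_only = filter_pcap_by_day(sample_pcap(), date(2006, 11, 4))
    print(len(list(records(day_only))), "packet(s) kept,", len(day_only), "bytes")
```

The day boundary depends on the zone: a packet stamped 2006-11-05 00:00:00 UTC still belongs to Nov 4 for a sensor at -0600, so pass the sensor's offset as `tz` when the result has to match what `-tttt` displayed.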