tcpdump mailing list archives

multiple pcap files from stdin


From: "Michael L. Artz" <dragon () october29 net>
Date: Sat, 19 Apr 2003 11:24:05 -0400

Is there a way for me to pipe multiple pcap files to tcpdump on stdin, such as:

cat file1.pcap file2.pcap | tcpdump -r -

I am getting the error "pcap_loop: truncated dump file" just before tcpdump begins processing file2. I don't know much about the libpcap output format, but I assume that there is some sort of header on each file, and that pcap_loop tries to treat the header as a packet and bombs out. Is there any way to get around this? Perhaps some sort of filter program that I can run?

What I am trying to do is enable tcpdump (or snort, which has much of the same libpcap code, I think) to process a bunch of input files as a single stream, without having to merge the files beforehand. I have a ton of tcpdump audit logs spread across multiple DVDs, and my end goal is to have a little Perl script that would open a pipe to tcpdump and prompt me for the directory to read files from and pump them to tcpdump. Once it has processed all of the files, it can ask me for another directory, and I can swap DVDs and keep going, with the tcpdump process surviving the DVD swap.

Thanks
-Mike

-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
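
A filter of the kind the message asks about, as an added example that is not part of the original post or of tcpdump/libpcap: it writes the 24-byte pcap file header once and then copies only the packet records from every input, which is what a reader on stdin expects. It assumes classic pcap files (not pcapng) that share one link type; the function names and the script name in the comment are hypothetical.

```python
import struct
import sys

MAGICS = {0xA1B2C3D4: "us", 0xA1B23C4D: "ns"}  # microsecond / nanosecond timestamps

def read_global_header(stream):
    """Parse the 24-byte pcap file header; return (endian, resolution, linktype, raw)."""
    raw = stream.read(24)
    if len(raw) != 24:
        raise ValueError("short pcap file header")
    for endian in ("<", ">"):
        magic = struct.unpack(endian + "I", raw[:4])[0]
        if magic in MAGICS:
            linktype = struct.unpack(endian + "I", raw[20:24])[0]
            return endian, MAGICS[magic], linktype, raw
    raise ValueError("not a classic pcap file (bad magic)")

def concat_pcap(streams, out):
    """Write one valid pcap stream to `out`; return the number of packets copied."""
    first = None
    count = 0
    for stream in streams:
        endian, res, linktype, raw = read_global_header(stream)
        if first is None:
            first = (endian, res, linktype)
            out.write(raw)              # the only file header the reader will see
        elif (res, linktype) != first[1:]:
            raise ValueError("timestamp resolution or link type differs from first file")
        while True:
            rec = stream.read(16)       # ts_sec, ts_frac, incl_len, orig_len
            if len(rec) < 16:
                break                   # clean EOF or truncated record header
            fields = struct.unpack(endian + "IIII", rec)
            data = stream.read(fields[2])
            if len(data) < fields[2]:
                break                   # truncated last packet: drop it
            # Re-pack the record header in the first file's byte order.
            out.write(struct.pack(first[0] + "IIII", *fields) + data)
            count += 1
    return count

if __name__ == "__main__":
    # Hypothetical usage: python3 pcapcat.py file1.pcap file2.pcap | tcpdump -r -
    files = (open(p, "rb") for p in sys.argv[1:])
    concat_pcap(files, sys.stdout.buffer)
```

The snapshot length announced to the reader is the one from the first file's header, so later files captured with a larger snaplen may contain records longer than that value.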

