tcpdump mailing list archives
Re: Merging many files
From: Marco van den Bovenkamp <marco () linuxgoeroe dhs org>
Date: Mon, 30 Aug 2004 17:04:25 +0200
César Cárdenas wrote:
I start to merge one-by-one with TCP filtering but it is time-consuming... so... I am looking for a fast way of merging, with timestamp order and TCP filtering, such a quantity of files...
I would go about it like this:

1) Use mergecap to glue them together. It will sort by timestamp by default, so do *not* use '-a'.
2) Run 'tethereal -r merged.file -w filtered.file' over the resulting file with the filter you want, either a libpcap filter or (with the -R option) an Ethereal display filter.
If the box you're doing this on doesn't have the horsepower (read: memory) to handle a 250MB file, you can do it in a number of smaller steps, and again use mergecap to glue the intermediate files together.
--
Regards,
Marco.

-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
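The smaller-steps variant described in the message above, as an added example that is not part of the original post or of the Ethereal tools: it merges a batch of captures with mergecap, filters each intermediate file with tethereal, then merges the filtered intermediates. The function names, batch size, temp-file names and the `TETHEREAL`/`FILTER_OPT` variables are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: batch-wise merge and filter following the steps above.
# Assumptions: the function names, batch size and temp-file names are
# illustrative. TETHEREAL may be set to tshark (tethereal's current name);
# with current tshark set FILTER_OPT=-Y, its single-pass display-filter option.
: "${TETHEREAL:=tethereal}" "${FILTER_OPT:=-R}"

# merge_head N OUT FILE...: mergecap the first N of FILE into OUT.
# The body runs in a subshell so its variables do not leak to the caller.
merge_head() (
    n=$1 out=$2; shift 2
    total=$# i=0
    for f do                       # append the first N files after the originals
        i=$((i + 1))
        if [ "$i" -le "$n" ]; then set -- "$@" "$f"; fi
    done
    shift "$total"                 # drop the originals, keeping the appended N
    mergecap -w "$out" "$@"        # no -a: output is sorted by timestamp
)

# merge_filter_batched OUT FILTER BATCH FILE...
# Merge BATCH files at a time, filter each intermediate, then merge the
# filtered intermediates, so no step has to load the full unfiltered capture.
merge_filter_batched() (
    if [ $# -lt 4 ] || [ "$3" -lt 1 ]; then
        echo "usage: merge_filter_batched OUT FILTER BATCH FILE..." >&2
        exit 2
    fi
    out=$1 filter=$2 batch=$3; shift 3
    tmp=$(mktemp -d) || exit 1
    part=0 status=0
    while [ $# -gt 0 ]; do
        part=$((part + 1))
        merge_head "$batch" "$tmp/merged.$part" "$@" &&
            "$TETHEREAL" -r "$tmp/merged.$part" "$FILTER_OPT" "$filter" \
                -w "$tmp/filtered.$part" || { status=1; break; }
        rm -f "$tmp/merged.$part"
        if [ $# -gt "$batch" ]; then shift "$batch"; else shift $#; fi
    done
    # Glob order is irrelevant: mergecap re-sorts by timestamp.
    if [ "$status" -eq 0 ]; then
        mergecap -w "$out" "$tmp"/filtered.* || status=1
    fi
    rm -rf "$tmp"
    exit "$status"
)
```

Filtering per batch gives the same result as filtering the full merge only for filters that judge each packet on its own; display filters that depend on earlier packets in a conversation can differ where a batch boundary splits that conversation.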