Wireshark mailing list archives
Scripts for filtering a directory file captures to only include specific Subnet packets in new files in a new directory
From: Phil_Deming () mechanicsbank com
Date: Tue, 28 Sep 2010 15:04:11 -0700
I am running Ubuntu 9.10 Server and am collecting packets with TShark 1.4 from about 40 Subnets (Offices) traversing my aggregation Subnet (the Datacenter). There are 9000 64meg files collected per day before overwriting begins.

When a Network question arises, I copy the 1 to 3 hours of files to a 2nd Directory so that they won't be overwritten later. That's about 180+ 64 meg files.

I need to filter all of the files in the 2nd Directory to create new files only containing packets from 1 to 4 transmitting or receiving Subnets. I need all of the IPs from each subnet.

Next, I want to see the "Top Talkers" during this period. That should be the easy part.

I presume grep, bash, awk, editcap, tshark, tcpdump are the tools. Can someone get me started with some scripts / examples?
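One way to do the filtering and ranking described in the message above, as an added example that is not part of the original post or of any reply in the thread: tcpdump rewrites each capture through a BPF subnet filter, then tshark's per-packet field output is summed per address. The function names and the usage line are assumptions; the subnet list can be any length, not only 1 to 4.

```bash
#!/usr/bin/env bash
# Added example. Function names are illustrative, not from the original post.

# Build a BPF expression matching traffic to or from any of the given CIDRs.
bpf_for_subnets() {
    local expr="" net
    for net in "$@"; do
        expr="${expr:+$expr or }net $net"
    done
    printf '%s\n' "$expr"
}

# Write a subnet-filtered copy of every capture file in SRC into DST.
filter_dir() {
    local src="$1" dst="$2" f filter
    shift 2
    filter=$(bpf_for_subnets "$@")
    mkdir -p "$dst"
    for f in "$src"/*; do
        [ -f "$f" ] || continue
        tcpdump -r "$f" -w "$dst/$(basename "$f")" "$filter"
    done
}

# Read "src dst bytes" lines on stdin and print the N addresses with the most
# bytes sent plus received, as "bytes address". Non-IP packets yield empty
# address fields and are skipped by the NF test.
top_talkers() {
    awk 'NF == 3 { b[$1] += $3; b[$2] += $3 }
         END { for (ip in b) printf "%.0f %s\n", b[ip], ip }' |
        sort -k1,1nr -k2,2 | head -n "${1:-10}"
}

# Dump per-packet fields from every file in DIR and rank the talkers.
talkers_from_dir() {
    local f
    for f in "$1"/*; do
        tshark -r "$f" -T fields -e ip.src -e ip.dst -e frame.len
    done | top_talkers "${2:-10}"
}

# Usage (assumed): script SRC_DIR DST_DIR CIDR [CIDR...]
if [ "$#" -ge 3 ]; then
    filter_dir "$@" && talkers_from_dir "$2" 10
fi
```

Filtering with tcpdump first keeps the expensive tshark dissection pass limited to the packets of interest.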