tcpdump(1) filter by date

David Wolfskill david at catwhisker.org
Tue Nov 18 13:41:06 PST 2008


[Cross-post to -questions elided, since I saw the message on -stable,
and I'd like to discourage gratuitous cross-posting.  dhw]

On Tue, Nov 18, 2008 at 07:30:39PM -0200, Eduardo Meyer wrote:
> Hello,
> 
> I have a kind of big tcpdump file, which has data from the last week. I
> want to dump information based on date. Can I do it without generating
> a full output and later parse the headers?

See the port net/tcpslice.

Here's an excerpt from its man page:

DESCRIPTION
       Tcpslice is a program for extracting portions of packet-trace files
       generated using tcpdump(1)'s -w flag.  It can also be used to merge
       together several such files, as discussed below.
...
       There are a number of ways to specify times.  The first is using Unix
       timestamps of the form sssssssss.uuuuuu (this is the format specified
       by tcpdump's -tt flag).  For example, 654321098.7654 specifies 38
       seconds and 765,400 microseconds after 8:51PM PDT, Sept. 25, 1990.

> ...

Peace,
david
-- 
David H. Wolfskill				david at catwhisker.org
Depriving a girl or boy of an opportunity for education is evil.

See http://www.catwhisker.org/~david/publickey.gpg for my public key.
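As an added illustration of what tcpslice does with those sssssssss.uuuuuu times (this is neither tcpslice's code nor part of the post above): a small Python slicer that walks only the 16-byte record headers of a libpcap savefile as written by tcpdump -w and keeps the records whose timestamp falls in a [start, end) window, so no payload is ever decoded. It assumes the classic microsecond pcap format (magic 0xa1b2c3d4, either byte order) and does a linear scan rather than tcpslice's own lookup; the sample packets, one of them stamped with the man page's 654321098.7654, are constructed.

```python
import struct

# Added example, not tcpslice's code: slice a libpcap savefile (what tcpdump -w
# writes) by Unix timestamp without decoding any packet payload.
PCAP_MAGIC = 0xA1B2C3D4   # classic microsecond-resolution pcap magic (assumed format)
GLOBAL_HDR_LEN = 24       # magic, version major/minor, tz, sigfigs, snaplen, linktype
REC_HDR_LEN = 16          # ts_sec, ts_usec, incl_len, orig_len

def _byte_order(data):
    """Return '<' or '>' by matching the magic number in either byte order."""
    for prefix in ("<", ">"):
        if data[:4] == struct.pack(prefix + "I", PCAP_MAGIC):
            return prefix
    raise ValueError("not a classic microsecond pcap file")

def build_pcap(packets, prefix="<"):
    """Build a pcap from (unix_timestamp, payload) pairs (constructed test data only)."""
    out = [struct.pack(prefix + "IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)]
    for ts, payload in packets:
        sec = int(ts)
        usec = int(round((ts - sec) * 1_000_000))   # the .uuuuuu part of -tt output
        if usec == 1_000_000:                        # rounding carried into the next second
            sec, usec = sec + 1, 0
        out.append(struct.pack(prefix + "IIII", sec, usec, len(payload), len(payload)))
        out.append(payload)
    return b"".join(out)

def iter_records(data):
    """Yield (timestamp, raw_record_bytes), touching only the record headers."""
    rec = struct.Struct(_byte_order(data) + "IIII")
    off = GLOBAL_HDR_LEN
    while off + REC_HDR_LEN <= len(data):
        sec, usec, incl_len, _orig_len = rec.unpack_from(data, off)
        end = off + REC_HDR_LEN + incl_len
        if end > len(data):
            raise ValueError("truncated record at offset %d" % off)
        yield sec + usec / 1_000_000, data[off:end]
        off = end

def slice_pcap(data, start, end):
    """Return a new pcap holding only the records whose timestamp is in [start, end)."""
    kept = [raw for ts, raw in iter_records(data) if start <= ts < end]
    return data[:GLOBAL_HDR_LEN] + b"".join(kept)   # reuse the original global header

def count_packets(data):
    """Number of records in a pcap, again without decoding payloads."""
    return sum(1 for _ in iter_records(data))
```

The same [start, end) arithmetic applies to a multi-gigabyte file, because only the headers are read and the kept records are copied through byte-for-byte.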