[prev in list] [next in list] [prev in thread] [next in thread]
List: tcpdump-workers
Subject: Re: [tcpdump-workers] Translation of IP addresses in a tcpdump file.
From: John Fastabend <jfastabe () up ! edu>
Date: 2003-05-29 5:47:09
[Download RAW message or body]
Hello,
if you have *nix os take a look at sed it should be able to do what you
are talking (#man sed for the documentation). This should work for you
maybe im off base though.
On Wed, 28 May 2003, Vaidehi Kasarekar wrote:
> Hello,
>
> I want to edit a tcpdump file. I want to replace
> some addresses by some other addresses and delete rest
> of the addresses, present in the tcpdump file. I did a
> considerable amount of research on the available
> tools. I found netdude useful. But netdude does not
> support large files. My tcpdump files are very large.
> I did not find any other tools, which could translate
> these ip addresses.
>
> I am aware that all the tools use the libpcap API's.
> The alternative to my problem would be to write code,
> which will read tcpdump file. Get it in a buffer,
> search for the ipaddress-to-be-replaced, replace them
> with different ip adrresses.
>
> This is a very preliminary step of my research and i
> am a java-girl. i am not that comfortable with the
> libpcap format. My research depends on this step. I am
> not even sure of how difficult this task can be. This
> is a very imp step for me.
>
> Has anybody got this problem earlier? Can i find
> some code/references to do this.
>
> Any pointers or hints in this direction will be very
> useful.
>
> Thanks
> -Vaidehi
>
> __________________________________
> Do you Yahoo!?
> Yahoo! Calendar - Free online calendar with sync to Outlook(TM).
> http://calendar.yahoo.com
> -
> This is the TCPDUMP workers list. It is archived at
> http://www.tcpdump.org/lists/workers/index.html
> To unsubscribe use mailto:tcpdump-workers-request@tcpdump.org?body=unsubscribe
>
--
--
"Dependence on computers is apparently making a significant fraction
of the population incurably stupid." -- Fritz Whittington
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request@tcpdump.org?body=unsubscribe
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic