[Snort-devel] TCPDump file management

Martin Roesch roesch at ...48...
Thu Jan 4 17:35:41 EST 2001


Do you want the packets sorted by timestamp, or just all packed together in
one file?  Does the program need to accept an arbitrary number of files to
concatenate?  What other constraints are you interested in (sorting, etc)?  If
the packets come off of different link layer types, how shall it be handled
(i.e. snaplen for Ethernet is 1500, snaplen for T/R is something like 2000)?

Let me know what you're really looking for and I'll bet I can code something up
tonight...

      -Marty

"A.L.Lambert" wrote:
> 
>         I need a tool that will read input from multiple tcpdump formatted
> binary files, and output all the packets to a single tcpdump formatted
> file.  Neither tcpdump, nor tcpslice seems suitable for this task
> (tcpslice has some requirements that I can't meet as far as packet content
> minimums, not working on files with packets that span multiple years; and
> tcpdump and snort both refuse to do the deed when I feed them multiple
> packet dumps via stdin).
> 
>         Hopefully, I'm not the first person to have this need, and someone
> can shed some insight on how I might go about doing this.  Thanks in
> advance.
> 
>         --A.L.Lambert

-- 
Martin Roesch
roesch at ...48...
http://www.snort.org
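
The merge discussed in this thread, as an added example that is not part of the original messages or of Snort: it reads any number of classic-format tcpdump files in either byte order, refuses inputs with different link-layer types, keeps the largest snaplen, and writes the packets sorted by timestamp. The function names and the `make_pcap` sample builder are hypothetical, and the policy choices (reject mixed link types, take the maximum snaplen) are assumptions, since the thread leaves those questions open.

```python
import heapq
import struct

MAGIC = 0xA1B2C3D4  # classic pcap magic, microsecond timestamps

def make_pcap(endian, linktype, snaplen, packets):
    """Build a constructed sample capture; packets = [(sec, usec, payload)]."""
    out = struct.pack(endian + "IHHiIII", MAGIC, 2, 4, 0, 0, snaplen, linktype)
    for sec, usec, payload in packets:
        out += struct.pack(endian + "IIII", sec, usec, len(payload), len(payload)) + payload
    return out

def read_pcap(data):
    """Return (linktype, snaplen, [(sec, usec, orig_len, payload), ...])."""
    if len(data) < 24:
        raise ValueError("truncated pcap global header")
    for endian in "<>":  # files keep the byte order of the capturing host
        if struct.unpack(endian + "I", data[:4])[0] == MAGIC:
            break
    else:
        raise ValueError("not a classic pcap file")
    snaplen, linktype = struct.unpack(endian + "II", data[16:24])
    records, off = [], 24
    while off < len(data):
        if off + 16 > len(data):
            raise ValueError("truncated record header")
        sec, usec, caplen, origlen = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        if off + caplen > len(data):
            raise ValueError("truncated packet data")
        records.append((sec, usec, origlen, data[off:off + caplen]))
        off += caplen
    return linktype, snaplen, records

def merge_pcaps(blobs):
    """Merge any number of captures into one little-endian file, oldest packet first."""
    parsed = [read_pcap(b) for b in blobs]
    linktypes = {p[0] for p in parsed}
    if len(linktypes) != 1:  # one global header cannot describe two link layers
        raise ValueError("mixed link-layer types: %s" % sorted(linktypes))
    snaplen = max(p[1] for p in parsed)  # widest snaplen covers every input
    out = [struct.pack("<IHHiIII", MAGIC, 2, 4, 0, 0, snaplen, linktypes.pop())]
    by_time = lambda r: (r[0], r[1])
    streams = [sorted(p[2], key=by_time) for p in parsed]
    for sec, usec, origlen, payload in heapq.merge(*streams, key=by_time):
        out.append(struct.pack("<IIII", sec, usec, len(payload), origlen) + payload)
    return b"".join(out)
```

Timestamps are compared as full (seconds, microseconds) pairs, so inputs whose packets span several years merge in order.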
