Wednesday 28 April, 2010

editcap

vim, less and other file manipulation commands take a lot of time to load or search very big files, so we use split to cut such big files into smaller ones to analyze them.
Similarly, we used to face problems in analyzing network packet capture files. To cut the files, or to filter some packets from captured network trace files, you can use editcap. It is a command-line tool provided along with ethereal/wireshark.
Also, there are a few Perl scripts available on the Internet which are based on libpcap. I have yet to install and try them. It looks like they give us more control in filtering the packets.
If someone knows or has an idea about using libpcap, share it with us.
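
What cutting a capture by packet count involves at the file-format level, as an added example (not from the original post and not Wireshark's code): Python that splits a classic pcap file into stand-alone chunks, the job editcap's `-c` option does. The function names and the sample capture are constructed for illustration, and pcapng files are assumed out of scope.

```python
import io
import struct

# Classic pcap magic numbers as stored on disk -> struct byte-order prefix.
MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",  # microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">",  # nanosecond timestamps
}

def split_pcap(data, packets_per_chunk):
    """Split classic-pcap bytes into a list of stand-alone pcap byte strings."""
    if packets_per_chunk < 1:
        raise ValueError("packets_per_chunk must be >= 1")
    stream = io.BytesIO(data)
    global_header = stream.read(24)          # copied to the front of every chunk
    if len(global_header) < 24 or global_header[:4] not in MAGICS:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    order = MAGICS[global_header[:4]]
    chunks, current, count = [], bytearray(global_header), 0
    while True:
        record_header = stream.read(16)      # ts_sec, ts_frac, incl_len, orig_len
        if len(record_header) < 16:          # clean EOF or truncated record header
            break
        incl_len = struct.unpack(order + "IIII", record_header)[2]
        payload = stream.read(incl_len)
        if len(payload) < incl_len:          # capture cut off mid-packet: drop the tail
            break
        current += record_header + payload
        count += 1
        if count == packets_per_chunk:
            chunks.append(bytes(current))
            current, count = bytearray(global_header), 0
    if count:                                # last, shorter chunk
        chunks.append(bytes(current))
    return chunks

def count_packets(data):
    """Count complete packet records in classic-pcap bytes."""
    return len(split_pcap(data, 1))

def build_sample(n):
    """Constructed sample: n fake Ethernet-linktype packets of growing length."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i in range(n):
        payload = bytes([i]) * (20 + i)
        out += struct.pack("<IIII", 1272412800 + i, 0, len(payload), len(payload)) + payload
    return out

if __name__ == "__main__":
    print([count_packets(c) for c in split_pcap(build_sample(7), 3)])
```

Each chunk starts with a copy of the 24-byte global header, so it opens in Wireshark or tcpdump on its own.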
