Saturday 12 February, 2011

Fed up with searching for small pieces of information in a big packet capture file?

I usually face this problem where I need to find some information in a very large file, and it takes a lot of time to filter and show the results.
Now I have a different, but similar, problem. A customer sent a set of capture files, around 80 of them, each 25MB (it looks like he knows that opening one big file and debugging with it is very frustrating). I thought of using some command-line tools, and there are already some available.
We can run tcpdump over a network packet capture file with 'tcpdump -r filename', and we can apply filters using -R. The filter syntax is similar to Wireshark's, but not the same.
Something like 'tcpdump -r output.cap$i host 10.240.111.29 and host 10.240.115.55 and port 80 and port 16876 >> filteredData', run in a shell loop where $i steps through the numbered capture files.
Wireshark also has a command-line tool (tshark). I haven't explored it yet.
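As an added example (not from the original post, and not tcpdump's own code), the Python below does what the tcpdump loop above does: it walks a stack of capture files, keeps only the packets that satisfy the equivalent of 'host 10.240.111.29 and host 10.240.115.55 and port 80 and port 16876', and collects the survivors into one output capture. The capture data is constructed in memory, and only little-endian classic pcap with Ethernet frames is handled; the filter semantics mirror BPF, where 'host A and host B' requires each listed host to be source or destination.

```python
import struct

def build_pcap(frames):
    """Constructed sample data: wrap Ethernet frames in a little-endian classic pcap (linktype 1)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, frame in enumerate(frames):
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

def tcp_frame(src, dst, sport, dport):
    """Constructed minimal Ethernet/IPv4/TCP frame (no payload, checksums left zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def records(pcap):
    """Yield (record_header, frame) pairs from a little-endian classic pcap blob."""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("only little-endian classic pcap is handled here")
    off = 24
    while off + 16 <= len(pcap):
        caplen = struct.unpack_from("<I", pcap, off + 8)[0]  # incl_len field
        yield pcap[off:off + 16], pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen

def matches(frame, hosts, ports):
    """Same semantics as the BPF filter 'host A and host B and port X and port Y' on IPv4 TCP/UDP."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":  # not IPv4 over Ethernet
        return False
    ihl, proto = (frame[14] & 0x0F) * 4, frame[23]
    if proto not in (6, 17) or len(frame) < 14 + ihl + 4:  # need TCP/UDP with both ports present
        return False
    src, dst = (".".join(map(str, frame[i:i + 4])) for i in (26, 30))
    sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
    # 'host A and host B' means every listed host is src or dst; the ports clause works the same way.
    return all(h in (src, dst) for h in hosts) and all(p in (sport, dport) for p in ports)

def filter_captures(blobs, hosts, ports):
    """Collect matching records from many captures into one pcap (the '>> filteredData' step, kept as pcap)."""
    kept = b"".join(h + f for b in blobs for h, f in records(b) if matches(f, hosts, ports))
    return blobs[0][:24] + kept if blobs else b""

# Constructed stand-ins for output.cap1 ... output.cap80, two frames each.
SAMPLE_CAPTURES = [
    build_pcap([tcp_frame("10.240.111.29", "10.240.115.55", 16876, 80),
                tcp_frame("10.240.111.29", "10.240.115.55", 16876, 443)]),
    build_pcap([tcp_frame("10.240.115.55", "10.240.111.29", 80, 16876),
                tcp_frame("192.0.2.7", "10.240.115.55", 16876, 80)]),
]
```

On real files the same result comes from giving tcpdump '-w' instead of redirecting text output, which keeps the filtered packets as a pcap that Wireshark can reopen.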
