Re: A Question of File Input Formats

From: Shawn Ostermann (ostermann@cs.ohiou.edu)
Date: 02/08/01


Message-Id: <200102081602.LAA05327@picard.cs.ohiou.edu>
From: "Shawn Ostermann" <ostermann@cs.ohiou.edu>
Subject: Re: A Question of File Input Formats 
Date: Thu, 08 Feb 2001 11:02:56 -0500


> I am aware that TCPTrace only takes BINARY dump files from TCPDump. However,
> I have a lot of useful ASCII formatted TCPDump files which I wouldn't mind
> analysing with TCPTrace. Thus I was wondering if anyone knows of a simple
> ASCII --> BINARY conversion utility for TCPDump (and yes, I know I could do
> a simple PERL script to do this, but I did not want to duplicate effort in
> case something like this existed already).
>
> Many thanks,
> Milosh

I don't know of such a thing, although I've wanted one on several
occasions. I see a couple of problems:

1) missing information
   not all of the information that tcptrace uses in all cases can be
   gleaned from just the ASCII output, but I suspect it would suffice
   in most cases

2) tedious!
   tcpdump output format seems pretty regular. It wouldn't be
   extremely difficult to parse the output, but it would take a while
   to get all of the special cases right (IP options, TCP options,
   etc, etc)

If somebody were tempted to write such a thing, I'd suggest that you
make ASCII Tcpdump a supported input format. You could even write the
parser in lex/yacc which should make the task much easier. It makes
me a little nervous having a program that is pretending to create
tcpdump binary files when those files would necessarily have errors in
them from missing information. If somebody is tempted, please let me
know!

Shawn
-------------------------------------------------------------------------
   Dr. Shawn Ostermann - Associate Professor - Ohio University
      322B Stocker Center, Ohio University, Athens, Ohio 45701-2979
 ostermann@cs.ohiou.edu -- FAX: (740)593-0007 -- Voice: (740)593-1234
    http://ace.cs.ohiou.edu/~osterman http://irg.cs.ohiou.edu
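To make the "missing information" point concrete, here is an added example (not from this thread or from tcptrace) of what such an ASCII-to-binary converter has to do: it parses the plain TCP summary line of 2001-era tcpdump output with a hypothetical regex, rebuilds IPv4 and TCP headers, and writes pcap records with link type 101 (raw IPv4). The sample lines are constructed, and every field tcpdump does not print (date, TTL, IP id, checksums, payload bytes) is filled with a labelled default, which is exactly the kind of error Shawn warns about.

```python
import re
import socket
import struct

# Constructed sample of tcpdump-3.x-style ASCII output (a three-way handshake), not real capture data.
SAMPLE = """\
11:02:56.000123 10.0.0.1.1234 > 10.0.0.2.80: S 100:100(0) win 8192
11:02:56.000456 10.0.0.2.80 > 10.0.0.1.1234: S 200:200(0) ack 101 win 16384
11:02:56.000789 10.0.0.1.1234 > 10.0.0.2.80: . ack 201 win 8192
"""

# Hypothetical parser: covers only the plain TCP summary line (no IP/TCP options, no fragments).
LINE = re.compile(r"^(\d+):(\d+):(\d+)\.(\d+) (\d+\.\d+\.\d+\.\d+)\.(\d+) > "
                  r"(\d+\.\d+\.\d+\.\d+)\.(\d+): ([SFRP.]+)"
                  r"(?: (\d+):\d+\((\d+)\))?(?: ack (\d+))? win (\d+)")
FLAG_BITS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08}
TTL_GUESS = 64  # tcpdump's default line does not print the TTL; this value is invented

def parse_line(line):
    """Return the fields recoverable from one tcpdump ASCII line, or None if it does not parse."""
    m = LINE.match(line)
    if not m:
        return None
    h, mi, s, frac, src, sport, dst, dport, fl, seq, plen, ack, win = m.groups()
    flags = sum(FLAG_BITS.get(c, 0) for c in fl) | (0x10 if ack else 0)
    return {"sec": int(h) * 3600 + int(mi) * 60 + int(s),  # date is missing: seconds since midnight of day 0
            "usec": int(frac.ljust(6, "0")[:6]),
            "src": src, "sport": int(sport), "dst": dst, "dport": int(dport),
            "flags": flags, "seq": int(seq or 0), "ack": int(ack or 0),
            "plen": int(plen or 0), "win": int(win)}

def build_packet(p):
    """Synthesize raw IPv4+TCP bytes; checksums, IP id and payload content are unrecoverable."""
    tcp = struct.pack("!HHIIBBHHH", p["sport"], p["dport"], p["seq"], p["ack"],
                      5 << 4, p["flags"], p["win"], 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + p["plen"], 0, 0,
                     TTL_GUESS, 6, 0, socket.inet_aton(p["src"]), socket.inet_aton(p["dst"]))
    return ip + tcp + b"\0" * p["plen"]  # payload length is known, its bytes are not: zero-filled

def ascii_to_pcap(text):
    """Build a pcap byte stream (link type 101, LINKTYPE_RAW = bare IPv4) from tcpdump ASCII text."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 101)]
    for line in text.splitlines():
        p = parse_line(line)
        if p is None:
            continue  # unparsed line: skipped rather than silently guessed
        pkt = build_packet(p)
        out.append(struct.pack("<IIII", p["sec"], p["usec"], len(pkt), len(pkt)) + pkt)
    return b"".join(out)
```

Writing `ascii_to_pcap(SAMPLE)` to a file gives a pcap that sequence-number analysis can use, while TTL, IP id and checksum based checks would be working on invented values.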




This archive was generated by hypermail 2b30 : 02/08/01 EST