Date: Wed, 10 Apr 2002 15:27:22 -0400 From: Rob Austein <sra@hactrn.net> Subject: Re: timestamp range in tcptrace Message-Id: <20020410192722.5D46A1CAA@thrintun.hactrn.net>
It's also pretty easy to write a little C or Perl program to grovel
through a pcap file doing filtering based on the pcap frame headers.
That is, while generalized packet filtering in its full glory is
probably something you want to leave to tcptrace, tcpdump, or
tethereal, if for some odd reason you only wanted to look at, say,
packets bearing pcap timestamps that happened to be prime numbers, you
could probably do so in about a dozen lines of perl code. See
http://www.hactrn.net/hacks/fix-redhat-61-pcap/fix-rh61-pcap.pl
for some Perl code that might serve as a starting point (but note that
it's just an example -- if you really want to perform the particular
task that perl code was written to do, tethreal would almost certainly
be a better tool with which to do it).
----------------------------------------------------------------------------
To unsubscribe, send a message with body containing "unsubscribe tcptrace" to
majordomo@tcptrace.org.
This archive was generated by hypermail 2b30 : 04/11/02 EDT