From: owner-tcptrace@tcptrace.org
Date: 06/10/04
Date: Thu, 10 Jun 2004 23:12:16 -0400 (EDT)
Message-Id: <200406110312.i5B3CGod024136@masaka.cs.ohiou.edu>
Subject: BOUNCE tcptrace@tcptrace.org: Non-member submission from [Mark Allman <mallman@icir.org>]
To: tcptrace@tcptrace.org
From: Mark Allman <mallman@icir.org>
Reply-To: mallman@icir.org
Subject: tcpsplit available
Organization: ICSI Center for Internet Research (ICIR)
Song-of-the-Day: Running On Empty
Date: Thu, 10 Jun 2004 23:11:50 -0400
Sender: mallman@icir.org
Message-Id: <20040611031150.5D40B15E4EF@lawyers.icir.org>

Hi Folks-

I thought the folks on this list might be interested in a little tool
that I have finally packaged up and released. The tool is "tcpsplit"
and it will chop up a libpcap (tcpdump) packet trace into some number of
sub-traces. The splitting is done along TCP connection boundaries so as
to not dump part of a connection in one sub-trace and one part in
another. I have gotten a bunch of mileage out of this tool over the
years to bust a trace into small-ish chunks that can be crunched in a
manageable way and also is useful for developing analysis on reasonable
sized traces rather than huge datasets.

You can slurp the tool from:

http://www.icir.org/mallman/software/tcpsplit/

The tool has mostly been developed and used under FreeBSD. I have also
tested it a bit under Linux and Solaris. I expect that it will work
under other unix systems, as well. The tool requires libpcap (from
www.tcpdump.org).

I hope it's useful to some of you.

allman
-- Mark Allman -- ICIR -- http://www.icir.org/mallman/
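
The connection-boundary splitting described in the message above, as an added Python example that is not tcpsplit's code and not part of the original post. It assumes a classic little-endian pcap with Ethernet/IPv4 framing, and it picks the sub-trace by hashing a direction-independent address/port key, which is one way to keep both directions of a connection together and is not claimed to be how tcpsplit does it; all function names and the sample packets are constructed for illustration.

```python
import struct, zlib

PCAP_HDR = struct.Struct("<IHHiIII")  # classic pcap global header (little-endian)
REC_HDR = struct.Struct("<IIII")      # ts_sec, ts_usec, caplen, origlen

def conn_key(frame):
    """Direction-independent TCP/IPv4 connection key for an Ethernet frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    ihl = (frame[14] & 0x0F) * 4
    frag_off = struct.unpack("!H", frame[20:22])[0] & 0x1FFF
    if frag_off or len(frame) < 14 + ihl + 4:
        return None  # later fragments carry no TCP header
    ports = struct.unpack("!HH", frame[14 + ihl:18 + ihl])
    return tuple(sorted([(frame[26:30], ports[0]), (frame[30:34], ports[1])]))

def read_records(data):
    """Yield each raw record (record header + frame) of a pcap byte string."""
    if PCAP_HDR.unpack_from(data)[0] != 0xA1B2C3D4:
        raise ValueError("only little-endian microsecond pcap is handled here")
    off = PCAP_HDR.size
    while off + REC_HDR.size <= len(data):
        end = off + REC_HDR.size + REC_HDR.unpack_from(data, off)[2]
        if end > len(data):
            break  # truncated final record
        yield data[off:end]
        off = end

def split_trace(data, n):
    """Return n pcap byte strings; every packet of a connection lands in one of them."""
    outs = [bytearray(data[:PCAP_HDR.size]) for _ in range(n)]
    for rec in read_records(data):
        key = conn_key(rec[REC_HDR.size:])
        # Assumption of this sketch: non-TCP packets all go to sub-trace 0.
        outs[0 if key is None else zlib.crc32(repr(key).encode()) % n] += rec
    return [bytes(o) for o in outs]

def make_frame(src, sport, dst, dport):
    """Constructed sample packet: bare Ethernet/IPv4/TCP headers, checksums zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, bytes(src), bytes(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x10, 1024, 0, 0)
    return bytes(12) + b"\x08\x00" + ip + tcp

A, B, C = (10, 0, 0, 1), (10, 0, 0, 2), (10, 0, 0, 3)
FRAMES = [make_frame(A, 1025, B, 80), make_frame(B, 80, A, 1025),
          make_frame(C, 4000, B, 80), make_frame(A, 1025, B, 80), make_frame(B, 80, C, 4000)]
SAMPLE = PCAP_HDR.pack(0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join(
    REC_HDR.pack(i, 0, len(f), len(f)) + f for i, f in enumerate(FRAMES))
PARTS = split_trace(SAMPLE, 4)
```

Because the key sorts the two endpoints before hashing, a request and its reply always map to the same sub-trace, and packet order within each sub-trace follows the input trace.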
This archive was generated by hypermail 2.1.7 : 06/14/04 EDT