From: Mark Allman <mallman@icir.org>
Subject: tcptrace tcpsplit available
Date: Mon, 14 Jun 2004 13:16:23 -0400
Message-Id: <20040614171623.B50DE77AD4D@guns.icir.org>
[re-send - my apologies if you see this more than once]
Hi Folks-
I thought the folks on this list might be interested in a little tool
that I have finally packaged up and released. The tool is "tcpsplit"
and it will chop up a libpcap (tcpdump) packet trace into some number of
sub-traces. The splitting is done along TCP connection boundaries so as
to not dump part of a connection in one sub-trace and one part in
another. I have gotten a bunch of mileage out of this tool over the
years to bust a trace into small-ish chunks that can be crunched in a
manageable way. It is also useful for developing analysis on reasonable
sized traces rather than huge datasets.
You can slurp the tool from:
http://www.icir.org/mallman/software/tcpsplit/
The tool has mostly been developed and used under FreeBSD. I have also
tested it a bit under Linux and Solaris. It compiles (but I have not
rigorously tested it) under OSX. I expect that it will work under other
unix systems, as well. The tool requires libpcap (from
www.tcpdump.org).
I hope it's useful to some of you.
allman
-- Mark Allman -- ICIR -- http://www.icir.org/mallman/
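
An added illustration (not tcpsplit's code and not part of the original message) of splitting a libpcap trace along TCP connection boundaries: each packet goes to the sub-trace chosen by a direction-independent hash of its address/port pairs. The CRC32 bucketing, the dropping of non-TCP packets, and all function names are assumptions; the message does not describe tcpsplit's internals.

```python
import struct
import zlib

def records(data):
    """Yield (record_bytes, frame) for each packet in a classic pcap byte string."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None or struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    off = 24
    while off + 16 <= len(data):
        incl = struct.unpack(endian + "I", data[off + 8:off + 12])[0]
        end = off + 16 + incl
        if end > len(data):      # truncated final record: stop cleanly
            break
        yield data[off:end], data[off + 16:end]
        off = end

def flow_key(frame):
    """Direction-independent key for a TCP/IPv4 frame, or None for anything else."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    ihl = (frame[14] & 0x0F) * 4
    frag_offset = struct.unpack("!H", frame[20:22])[0] & 0x1FFF
    if ihl < 20 or frag_offset or len(frame) < 14 + ihl + 4:
        return None              # later fragments carry no TCP ports
    sport, dport = struct.unpack("!HH", frame[14 + ihl:18 + ihl])
    a, b = (frame[26:30], sport), (frame[30:34], dport)
    return (a, b) if a <= b else (b, a)

def split_pcap(data, n):
    """Return n pcap byte strings; every packet of a connection goes to the same one."""
    outs = [bytearray(data[:24]) for _ in range(n)]
    for rec, frame in records(data):
        key = flow_key(frame)
        if key is not None:      # assumption: non-TCP packets are dropped
            outs[zlib.crc32(repr(key).encode()) % n] += rec
    return [bytes(o) for o in outs]

def sample_pcap():
    """Constructed sample: three connections, packets interleaved in both directions."""
    def pkt(src, sport, dst, dport):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, bytes(src), bytes(dst))
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x10, 1024, 0, 0)
        frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp
        return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    c, s = [10, 0, 0, 1], [10, 0, 0, 2]
    flows = [(c, 40000 + i, s, 80) for i in range(3)]
    body = b"".join(pkt(*f) + pkt(f[2], f[3], f[0], f[1]) for f in flows * 2)
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + body
```

Each returned byte string starts with the original global header, so it can be written to disk and opened by any libpcap-based tool.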