|
-
October 7th, 2011, 06:55 PM
#1
 Help with pcap
Hi guys
I am new to using pcap and tools associated with it. I have huge traces (in TB) which I have to analyze. I am only interested in the packet header (viz absolute timestamp, sending and receiving MAC, sending and receiving IP and transport protocol ports. All other information are not required. Is there a way that I can extract these information from a pcap file to a tab seperated text file? or any other format wher I can post process it is also ok.
Initially I tried exporting the pcap file to text and then used shell tools to extract the data. but it proved hugely expensive in storage and in computing power.
Any suggestion or starting point would be greatly helpful.
THanks in advance 
-
October 19th, 2011, 11:11 PM
#2
Re: Help with pcap
I think you can read your pcap file using pcap_* functions, following are some related pcap functions:
pcap_open(), pcap_next()/pcap_next_ex(),pcap_close().
Reference http://www.tcpdump.org or http://www.wireshark.org for detailed information.
Good luck!
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|
Reply With Quote