Security Basics mailing list archives

tcpdump output


From: "Francois Yang" <francois.y () gmail com>
Date: Mon, 6 Nov 2006 10:57:15 -0600

I'm trying to get tcpdump to only show me the events that happened for
one day and have that result put into a new tcpdump file.
I have a file called logfile and I had snort log to it in tcpdump format
over the weekend.
Now I want to only show the events for Sat Nov 4.
I can do `tcpdump -ttttr logfile | grep "2006-11-04"` and it will
show me what I want.
But I want this output to be put back into a tcpdump file so I can do
some analysis.
How can I do that? If I do `tcpdump -ttttr logfile | grep
"2006-11-04" >> newlogfile`
it will put the info into the new file, but it won't be in the tcpdump
format anymore and I won't be able to do stuff with it besides reading
it in the format it was dumped.
Any suggestions? Any way to do it with snort? Or am I stuck with what I get now?

Thank you.
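The problem in the post is that `grep` works on tcpdump's rendered text, not on the capture records, so the date filter has to be applied to the packet timestamps while the file is still in libpcap format. The following is an added example, not code from the poster or from tcpdump or snort: it parses the legacy pcap container directly (global header plus per-record header), keeps only records whose timestamp falls on a given calendar day, and writes the survivors back out with the original global header, so tcpdump and snort can read the result. The sample capture, the file names, and the `CENTRAL` time zone (taken from the -0600 offset in the mail header) are all constructed for the example. Because `tcpdump -tttt` prints local time, the day boundary depends on the zone you pass; the default here is UTC.

```python
import struct
from datetime import datetime, timezone, timedelta

# Legacy libpcap file layout (what tcpdump -w and snort's tcpdump-format logging produce).
# Global header: magic, version major, version minor, thiszone, sigfigs, snaplen, linktype.
# Record header: ts_sec, ts_usec, incl_len (bytes captured), orig_len (bytes on the wire).
GLOBAL_FMT = "IHHiIII"
RECORD_FMT = "IIII"
MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<",  # little-endian writer, microsecond timestamps
    b"\xa1\xb2\xc3\xd4": ">",  # big-endian writer, microsecond timestamps
}


def parse_pcap(data):
    """Return (endian, global_header, records); records are (ts_sec, ts_usec, orig_len, bytes)."""
    endian = MAGICS.get(data[:4])
    if endian is None:
        raise ValueError("unknown magic: not a microsecond-resolution pcap file")
    ghdr = struct.Struct(endian + GLOBAL_FMT)
    rhdr = struct.Struct(endian + RECORD_FMT)
    header = ghdr.unpack_from(data, 0)
    records = []
    off = ghdr.size
    while off + rhdr.size <= len(data):
        ts_sec, ts_usec, incl_len, orig_len = rhdr.unpack_from(data, off)
        off += rhdr.size
        if off + incl_len > len(data):
            # A cut-off trailing record (e.g. the writer was killed) must not be copied as if complete.
            raise ValueError("truncated record at offset %d" % off)
        records.append((ts_sec, ts_usec, orig_len, data[off:off + incl_len]))
        off += incl_len
    return endian, header, records


def write_pcap(endian, header, records):
    """Serialise records under the given global header, preserving byte order and snaplen."""
    ghdr = struct.Struct(endian + GLOBAL_FMT)
    rhdr = struct.Struct(endian + RECORD_FMT)
    out = bytearray(ghdr.pack(*header))
    for ts_sec, ts_usec, orig_len, pkt in records:
        out += rhdr.pack(ts_sec, ts_usec, len(pkt), orig_len)
        out += pkt
    return bytes(out)


def filter_by_day(data, day, tz=timezone.utc):
    """Keep only records whose timestamp, rendered in tz, falls on day ('YYYY-MM-DD')."""
    endian, header, records = parse_pcap(data)
    kept = [r for r in records
            if datetime.fromtimestamp(r[0], tz).strftime("%Y-%m-%d") == day]
    return write_pcap(endian, header, kept)


# Constructed sample capture: four placeholder Ethernet frames straddling 4 Nov 2006 (UTC).
def _ts(iso):
    return int(datetime.fromisoformat(iso).replace(tzinfo=timezone.utc).timestamp())

SAMPLE_HEADER = (0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
SAMPLE_RECORDS = [
    (_ts("2006-11-03T23:59:59"), 0, 60, b"\x00" * 14),
    (_ts("2006-11-04T00:00:00"), 0, 60, b"\x01" * 14),
    (_ts("2006-11-04T12:30:00"), 500000, 60, b"\x02" * 14),
    (_ts("2006-11-05T00:00:00"), 0, 60, b"\x03" * 14),
]
SAMPLE_PCAP = write_pcap("<", SAMPLE_HEADER, SAMPLE_RECORDS)
CENTRAL = timezone(timedelta(hours=-6))  # assumed local zone, from the -0600 in the mail header


if __name__ == "__main__":
    import sys
    # usage: python filter_day.py logfile 2006-11-04 newlogfile   (file names are placeholders)
    src, day, dst = sys.argv[1:4]
    with open(src, "rb") as f:
        filtered = filter_by_day(f.read(), day)
    with open(dst, "wb") as f:
        f.write(filtered)
    print("wrote %d records" % len(parse_pcap(filtered)[2]))
```

Run on the real `logfile` with the day and an output name; the result is a normal pcap that `tcpdump -ttttr newlogfile` or snort can read. Whether a given midnight packet lands on the 3rd or the 4th is decided by the `tz` argument, so pass the zone tcpdump was printing in if the cut has to match the `grep` output exactly. The same job can be done with `editcap -A <start> -B <end>` from the Wireshark suite, which reads and writes capture files natively.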
