Re: Trace conversion.

[Paul Berube <berube () cs ualberta ca>]

> > > this won't work with icmp though...
> >
> > That's fine, I'm only interested in IP traffic.
>
> Presumably you mean "IP traffic other than ICMP traffic", as ICMP 
> traffic *is* IP traffic.

Right, of course it is.  Thanks for catching that :)

Just as a shot in the dark, changed '-ln ip' to '-ln icmp', and got a 
different (much smaller) result.  I'm assuming that this is indeed the 
ICMP traffic that is excluded from the '-ln ip' output.  Since my traces 
don't cross day boundaries, I just appended the two results and passed 
it through sort.

Thanks for all your help!

-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.