Manual Reference Pages  -  RWPCUT (1)


NAME

rwpcut - Outputs a tcpdump dump file as ASCII

SYNOPSIS



  rwpcut [--columnar]
         [--delimiter=DELIMITER]
         [--epoch-time]
         [--fields=PRINT_FIELDS]
         [--integer-ips]
         [--zero-pad-ips]
         FILE...



DESCRIPTION

rwpcut outputs tcpdump files in an easy-to-parse text format. It supports a user-defined list of fields to output and a user-defined delimiter between columns.

OPTIONS

Option names may be abbreviated if the abbreviation is unique or is an exact match for an option.

OUTPUT SWITCHES

--columnar
    Pad each field with whitespace so that it always takes up the same number of columns. The two payload printing fields, payhex and payascii, never pad with whitespace.

--delimiter=DELIMITER
    DELIMITER is used as the delimiter between columns instead of the default '|'.

--epoch-time
    Display the timestamp as epoch time seconds instead of a formatted timestamp.

--fields=PRINT_FIELDS
    PRINT_FIELDS is a comma-separated list of fields to include in the output. The available fields are:

    timestamp - packet timestamp
    sip       - source IP address
    dip       - destination IP address
    sport     - source port
    dport     - destination port
    proto     - IP protocol
    payhex    - payload printed as a hex stream
    payascii  - payload printed as an ASCII stream. Non-printing characters are represented with periods.

--integer-ips
    Display IP addresses as integers instead of in dotted quad notation.

--zero-pad-ips
    Pad dotted quad notation IP addresses so that each quad occupies three columns.

EXAMPLES

In the following examples, the dollar sign ($) represents the shell prompt. The text after the dollar sign represents the command line.



 $ rwpcut --fields=sip,dip,sport,dport,proto --columnar data.dmp

                sip|            dip|sport|dport|proto|
    220.245.221.126|  192.168.1.100|21776| 6882|    6|
    220.245.221.126|  192.168.1.100|21776| 6882|    6|


 $ rwpcut --fields=timestamp,payhex data.dmp



(Carriage returns mid-payload added for legibility)



    timestamp|payhex|
    2005-04-20 04:28:59.091470|4500003cd85840003206f3e2dcf5dd7
    ec0a8016455101ae2811b6bce00000000a002ffff59990000020405ac0
    10303000101080a524dc5cc00000000|
    2005-04-20 04:29:02.057390|4500003cd88c40003206f3aedcf5dd7
    ec0a8016455101ae2811b6bce00000000a002ffff59930000020405ac0
    10303000101080a524dc5d200000000|



SEE ALSO

rwptoflow(1), silk(7)

BUGS

Note that payhex and payascii are not padded with whitespace when --columnar is used.

The payascii field does not escape the delimiter character in any way, so care should be taken when parsing it.
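One way to parse the output safely given the payascii limitation above. This is an added example, not part of the SiLK distribution: the function name parse_rwpcut and the sample rows are constructed for illustration, and it assumes payascii is requested as the last field and that every row ends with one trailing delimiter, as in the examples on this page.

```python
# Added example: parse rwpcut's delimited text when payascii may contain '|'.
PAYLOAD_FIELDS = {"payhex", "payascii"}

def parse_rwpcut(lines, fields, delimiter="|"):
    """Yield one dict per record of rwpcut output.

    Assumes `fields` is the same list passed to --fields and that every row
    ends with one trailing delimiter, as in the examples on this page.
    """
    fields = list(fields)
    if "payascii" in fields[:-1]:
        # Any column after payascii could not be located reliably.
        raise ValueError("payascii must be the last requested field")
    for number, raw in enumerate(lines, 1):
        line = raw.rstrip("\r\n")
        if not line.strip():
            continue
        # Split only len(fields)-1 times: delimiter characters that occur
        # inside the payload stay in the final column.
        parts = line.split(delimiter, len(fields) - 1)
        if len(parts) != len(fields) or not parts[-1].endswith(delimiter):
            raise ValueError(f"line {number}: malformed row")
        parts[-1] = parts[-1][: -len(delimiter)]  # drop the row terminator
        # --columnar pads ordinary fields; payload fields are never padded.
        values = [p if f in PAYLOAD_FIELDS else p.strip()
                  for f, p in zip(fields, parts)]
        if values == fields:
            continue  # title row
        record = dict(zip(fields, values))
        if "payhex" in record:
            record["payload"] = bytes.fromhex(record["payhex"])
        yield record

# Constructed sample (not real capture data): later payloads contain '|'.
SAMPLE = [
    "            sip|            dip|dport|payascii|",
    "     192.0.2.10|   198.51.100.7|   80|GET /index.html HTTP/1.1..|",
    "     192.0.2.10|   198.51.100.7|   80|GET /a|b?x=1|2 HTTP/1.1..|",
    "     192.0.2.10|   198.51.100.7|   80|ends with pipe||",
]
FIELDS = ["sip", "dip", "dport", "payascii"]

if __name__ == "__main__":
    for rec in parse_rwpcut(SAMPLE, FIELDS):
        print(rec["dport"], repr(rec["payascii"]))
```

When the exact payload bytes matter, request payhex instead: hex digits cannot collide with the default delimiter, and the parser above decodes them into the added "payload" key.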



SiLK 3.11.0.1 RWPCUT (1) 2016-04-05
