piping to a text file

Bryan Patterson bpatters at fit.edu
Thu Apr 1 08:50:43 PST 2004


Thanks for the help!

Bryan

On Thu, 2004-04-01 at 11:37, Peter Van Epp wrote:
> 	tcpdump -s 1510 -nXr <file> > text_file
> 
> will dump up to 1510 bytes (the -s flag and if your capture contains that 
> much, 128 bytes is the default if the capture didn't have a -s flag usually) 
> from "file" (the tcpdump input file with or without bro, if all you want is a 
> printout of the raw packets you don't need bro in the loop). The -n suppresses 
> DNS conversion, the X prints the entire packet in readable form and -r tells 
> it what tcpdump file to read. The "> text_file" redirects the output (which is 
> by default to the screen) into file "text_file" which you can edit. From the 
> command prompt "man tcpdump" will give you the man page for tcpdump which 
> explains all the various options.
> 
> Peter Van Epp / Operations and Technical Support 
> Simon Fraser University, Burnaby, B.C. Canada
> 
> On Thu, Apr 01, 2004 at 11:13:08AM -0500, Bryan Patterson wrote:
> > Hello,
> > 
> > > The binary file is in tcpdump format, so you can use tcpdump -r <file> to
> > > see the trace in text format (try flag -nX). 
> > 
> > Where does the '-nX' flag go? tcpdump or bro? Does it go in place of the
> > '-r' or appended to it?
> > 
> > > Also if you say 'bro ... -w
> > > -', the output trace will be dumped to stdout and you can pipe it with
> > > tcpdump as well.
> > 
> > From the following line...
> > 	>#bro -r <trace file> mt -w <output file>
> > How do I do what you are saying above so that I can read the data in a
> > text reader (vi,gedit,emacs...)?
> > 
> > I am running a bash shell on Fedora/Redhat. 
> > Sorry, I have only been "officially" running Linux for a few months.
> > 
> > > 
> > > Does this answer your question? (I don't know what you meant by "as-is"
> > > though.)
> > > 
> > > 
> > When I said "as-is" I just meant that I didn't want bro to analyze the
> > data, just repeat it back.
> > 
> > THANKS!
> > Bryan
> > 
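
The -s point in the reply above can be checked against the capture file itself: a classic tcpdump-format file records the snapshot length in its header and, for each packet, both the captured and the original length. The following is an added example, not part of the original thread; the function names are hypothetical, the sample capture is constructed in memory, and only the classic pcap format (not pcapng) is assumed.

```python
import struct

def build_sample_pcap(snaplen=68):
    """Constructed capture: two fake packets, the second longer than snaplen."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for ts, payload in ((1, b"GET / HTTP/1.0\r\n\r\n"), (2, bytes(range(100)))):
        kept = payload[:snaplen]  # what a capture limited to snaplen bytes keeps
        out += struct.pack("<IIII", ts, 0, len(kept), len(payload)) + kept
    return out

def read_pcap(data):
    """Return (snaplen, [(ts_sec, captured_bytes, original_length), ...])."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if order is None:
        raise ValueError("not a classic pcap file")
    snaplen = struct.unpack_from(order + "I", data, 16)[0]
    packets, off = [], 24  # the global header is 24 bytes
    while off + 16 <= len(data):
        ts, _usec, caplen, origlen = struct.unpack_from(order + "IIII", data, off)
        off += 16
        if off + caplen > len(data):
            raise ValueError("record runs past end of file")
        packets.append((ts, data[off:off + caplen], origlen))
        off += caplen
    return snaplen, packets

def hexdump(buf):
    """Hex plus ASCII, 16 bytes per line, in a layout similar to tcpdump -X."""
    lines = []
    for i in range(0, len(buf), 16):
        chunk = buf[i:i + 16]
        hexpart = " ".join(chunk[j:j + 2].hex() for j in range(0, len(chunk), 2))
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"\t0x{i:04x}:  {hexpart:<39}  {text}")
    return lines

def render(data):
    """Text report: file snaplen, then each packet with a truncation note."""
    snaplen, packets = read_pcap(data)
    lines = [f"file snaplen: {snaplen}"]
    for ts, cap, orig in packets:
        note = f" (truncated, {orig - len(cap)} bytes missing)" if len(cap) < orig else ""
        lines.append(f"ts={ts} captured={len(cap)} original={orig}{note}")
        lines += hexdump(cap)
    return "\n".join(lines)

if __name__ == "__main__":
    print(render(build_sample_pcap()))
```

Bytes beyond the snapshot length used at capture time are not in the file, so a larger -s value when reading cannot bring them back.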



