[tcpdump-workers] tcpdump No Append Mode
Dear all,

I am Manmohan, working as a Research Associate in the High Performance Computing Group of CSIR Centre for Mathematical Modelling & Computer Simulation. Our group is responsible for networks and HPC systems security and management.

For a couple of days I have been trying to analyze the CAIDA data and find out how many attacks were made over my and my neighbouring research organization's network. Generally what I used to do is go through all the pcap files and search for my IP and subnet.

What I wanted to do is append my backscattered data into one pcap file for further analysis. With tcpdump -w backsfile.pcap it passes all the backscattered data to backsfile.pcap, but in the next iteration it overwrites the same file.

Seeking your response.

regards,
- Manmohan

--
Thanks and Regards,
Manmohan Brahma
High Performance Computing Group
CSIR Center for Mathematical Modelling & Computer Simulation
National Aerospace Laboratories, Belur Campus, Bangalore - 560 017 India.
E-mail: manmohan.bra...@gmail.com
Ph: +91-8880772648

-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
Re: [tcpdump-workers] tcpdump No Append Mode
On 27 Dec 2010, at 12:09, Manmohan Brahma wrote:

> Generally what all i used to do is go through all the pcap files and search
> for my IP and Subnet.
>
> What all i wanted to do is append my backscattered data in one pcap file for
> further analysis.
>
> With tcpdump -w backsfile.pcap it passes all the backscattered data to
> baksfile.pcap but in the next iteration it overwrites the same file.

I'm not aware of any tcpdump options that would allow you to do that. However, the utility "mergecap" can merge two or more trace files for you, either appended or merged based on timestamps. If you need to, you can edit the timestamps in the source file(s) with the utility "editcap". Both "mergecap" and "editcap" are part of the Wireshark suite. See: www.wireshark.org.

Hope this helps (and that it's not violating the etiquette on this mailing list),

Kind Regards,
Sake Blok
Consultant / Trainer / Troubleshooter
SYN-bit - Deep Traffic Analysis - http://www.SYN-bit.nl
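The append behaviour asked for in the original post, as an added example (my own code, not tcpdump's, Wireshark's, or anything posted in this thread): a Python script that appends the packet records of one pcap file to the end of another by handling the libpcap file format directly, which is the "appended" mode of mergecap done by hand. It assumes the classic pcap format (not pcapng) in any of its four magic-number variants, that both files share a link type, and it uses constructed placeholder frames in demo() in place of real backscatter records. Before appending it cuts off a torn partial record at the end of the destination, which is the state tcpdump leaves a file in when it is killed mid-write; the snaplen field in the destination header is raised when a longer record is appended, so readers do not reject the result.

```python
import os
import struct
import tempfile

# pcap magic bytes at file offset 0 -> (struct byte-order prefix, nanosecond timestamps?)
MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", False),  # little-endian, microseconds (usual tcpdump output)
    b"\xa1\xb2\xc3\xd4": (">", False),  # big-endian, microseconds
    b"\x4d\x3c\xb2\xa1": ("<", True),   # little-endian, nanoseconds
    b"\xa1\xb2\x3c\x4d": (">", True),   # big-endian, nanoseconds
}
GLOBAL_HDR = "IHHiIII"  # magic, major, minor, thiszone, sigfigs, snaplen, linktype (24 bytes)
RECORD_HDR = "IIII"     # ts_sec, ts_frac, incl_len, orig_len (16 bytes)


def parse_global_header(hdr):
    """Return (byte_order, nsec, snaplen, linktype) from a 24-byte pcap global header."""
    if len(hdr) < 24 or hdr[:4] not in MAGICS:
        raise ValueError("not a pcap file (unknown magic)")
    order, nsec = MAGICS[hdr[:4]]
    _, _, _, _, _, snaplen, linktype = struct.unpack(order + GLOBAL_HDR, hdr[:24])
    return order, nsec, snaplen, linktype


def _walk(f, order):
    """Yield (end_offset, ts_sec, ts_frac, orig_len, data) for each complete record after the header."""
    pos = 24
    while True:
        rh = f.read(16)
        if len(rh) < 16:
            return
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(order + RECORD_HDR, rh)
        data = f.read(incl_len)
        if len(data) < incl_len:
            return  # torn final record (capture killed mid-write): not data
        pos += 16 + incl_len
        yield pos, ts_sec, ts_frac, orig_len, data


def read_pcap(path):
    """Return (order, nsec, snaplen, linktype, end_of_complete_data, records); fractions in ns."""
    with open(path, "rb") as f:
        order, nsec, snaplen, linktype = parse_global_header(f.read(24))
        end, recs = 24, []
        for end, ts_sec, ts_frac, orig_len, data in _walk(f, order):
            recs.append((ts_sec, ts_frac if nsec else ts_frac * 1000, orig_len, data))
    return order, nsec, snaplen, linktype, end, recs


def write_pcap(path, records, linktype=1, snaplen=65535):
    """Create a fresh little-endian microsecond pcap (used here to build constructed sample files)."""
    with open(path, "wb") as f:
        f.write(struct.pack("<" + GLOBAL_HDR, 0xA1B2C3D4, 2, 4, 0, 0, snaplen, linktype))
        for ts_sec, ts_frac_ns, orig_len, data in records:
            f.write(struct.pack("<" + RECORD_HDR, ts_sec, ts_frac_ns // 1000, len(data), orig_len))
            f.write(data)


def append_pcap(dst, src):
    """Append every complete record of src to dst, creating dst if it does not exist.
    Records are re-packed into dst's byte order and timestamp resolution; returns the count."""
    _, _, src_snaplen, src_linktype, _, recs = read_pcap(src)
    if not os.path.exists(dst) or os.path.getsize(dst) == 0:
        write_pcap(dst, [], linktype=src_linktype, snaplen=src_snaplen)
    order, nsec, snaplen, linktype, end, _ = read_pcap(dst)
    if linktype != src_linktype:
        raise ValueError(f"link type mismatch: dst={linktype} src={src_linktype}")
    with open(dst, "r+b") as f:
        f.truncate(end)  # drop a torn partial record left by an interrupted capture
        f.seek(end)
        for ts_sec, ts_frac_ns, orig_len, data in recs:
            frac = ts_frac_ns if nsec else ts_frac_ns // 1000
            f.write(struct.pack(order + RECORD_HDR, ts_sec, frac, len(data), orig_len))
            f.write(data)
        longest = max((len(r[3]) for r in recs), default=0)
        if longest > snaplen:
            f.seek(16)  # snaplen field: readers reject records longer than it
            f.write(struct.pack(order + "I", longest))
    return len(recs)


def count_records(path):
    return len(read_pcap(path)[5])


def demo():
    """Build constructed sample captures in a temp dir and append them into one file."""
    d = tempfile.mkdtemp()
    day1, day2, out = (os.path.join(d, n) for n in ("day1.pcap", "day2.pcap", "backscatter.pcap"))
    # Constructed placeholder frames; real input would be the filtered backscatter records.
    write_pcap(day1, [(1293450000, 0, 60, b"\x00" * 60), (1293450001, 500_000_000, 60, b"\x01" * 60)])
    write_pcap(day2, [(1293536400, 0, 1514, b"\x02" * 1514)], snaplen=1514)
    write_pcap(out, [], snaplen=96)  # pre-existing destination with a small snaplen
    first = append_pcap(out, day1)
    with open(out, "ab") as f:
        f.write(b"\x00" * 10)  # simulate a capture killed in the middle of a record
    second = append_pcap(out, day2)
    return {"out": out, "appended": [first, second], "total": count_records(out)}


if __name__ == "__main__":
    print(demo())
```

With the Wireshark tools Sake mentions, `mergecap -a -w backscatter.pcap day1.pcap day2.pcap` does the same concatenation (-a appends instead of merging by timestamp). read_pcap loads the whole source into memory, which is fine for filtered backscatter but not for multi-gigabyte CAIDA traces; for those, iterate _walk() and write as you go.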
[tcpdump-workers] pcap_lib_version problem while installing DAQ
Hi all,

Good morning. I am having a problem while installing DAQ, which is used by Snort. The DAQ package is searching for the function pcap_lib_version and returning the following error:

    checking for pcap_lib_version... checking for pcap_lib_version in -lpcap... no
    ERROR! Libpcap library version >= 1.0.0 not found.
    Get it from http://www.tcpdump.org

My query is whether libpcap 1.1 includes the above function or not, and if so, how to verify the same.

Regards,
Appaji Peruri
N&S security team
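A runtime version of the check this post asks about, as an added example (my own code, not DAQ's, Snort's or libpcap's). DAQ's configure script tries to link a test program against -lpcap and call pcap_lib_version, so the "no" above means either that no libpcap was found on the linker path or that the one found does not export that symbol; libpcap 1.x does export it. The script below does the equivalent through ctypes: it locates libpcap with ctypes.util.find_library, calls pcap_lib_version() when the symbol is present, and compares the reported version with the 1.0.0 minimum. The "libpcap version X.Y.Z" string format is an assumption, and the /nonexistent path in the test is a placeholder.

```python
import ctypes
import ctypes.util
import re


def load_libpcap(path=None):
    """Load libpcap from an explicit path or via the system search; None if it cannot be loaded."""
    path = path or ctypes.util.find_library("pcap")
    if not path:
        return None
    try:
        return ctypes.CDLL(path)
    except OSError:
        return None


def libpcap_version(lib=None):
    """Return the pcap_lib_version() string, or None when the library or the symbol is missing."""
    lib = lib if lib is not None else load_libpcap()
    if lib is None:
        return None
    try:
        fn = lib.pcap_lib_version
    except AttributeError:
        return None  # library present but without the symbol: the condition DAQ's configure reports
    fn.restype = ctypes.c_char_p  # const char *pcap_lib_version(void)
    fn.argtypes = []
    return fn().decode("ascii", "replace")


def parse_version(text):
    """Pull (major, minor, patch) out of a string such as 'libpcap version 1.1.1' (assumed format)."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text or "")
    if not m:
        return None
    return tuple(int(x or 0) for x in m.groups())


def meets_minimum(text, minimum=(1, 0, 0)):
    """True when the version string parses and is at least the minimum DAQ insists on."""
    v = parse_version(text)
    return v is not None and v >= minimum


if __name__ == "__main__":
    v = libpcap_version()
    print(v or "no usable libpcap found", "->", "ok for DAQ" if meets_minimum(v) else "below 1.0.0 or absent")
```

If the script reports no usable libpcap while the package is installed, the shared object is usually outside the search path; `nm -D /path/to/libpcap.so | grep pcap_lib_version` shows directly whether a given library file exports the symbol.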