Just moozing

Before you can check your notes, you must make them…

Bash one-liners


At the office, we like one-liners…

Manipulating PCAPs

We had a need for working with lots of 150 MB PCAP files.

mergecap -a *.pcap -w - | tcpdump -r - -w router.pcap -n host

Don’t forget the -a if you have lots of data; otherwise mergecap will parse all files before piping data to tcpdump.


How to generate PCAP listing

This is not a cool one-liner, but I use something like this to get an overview of the PCAPs.

capinfos -T -m -Q mycapture.pcap


CSV file manipulation

Normal people would probably import the file into a spreadsheet.

tail -n +2 pcaplisting.txt | cut -f4 | paste -sd+ | bc

This sums all values in column 4, skipping the first line.



Some of our tools give us files with IP addresses, so automating lookup is relevant.

for ip in $(tail -n +2 datafile.csv | cut -d ',' -f2); do echo -n "$ip "; dig -x "$ip" +short; done

This generates a list of IP addresses combined with their reverse DNS names. The IP addresses come from the second column of the datafile, excluding the first line.
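
A sturdier version of the lookup loop above, as an added example that is not from the original post: it resolves each address only once and passes only well-formed IPv4 addresses to dig. The function names, the RESOLVER variable and the sample data are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the original post. RESOLVER, resolve_ptr,
# extract_ips, reverse_listing and sample_csv are names made up here.

# Constructed sample in the same layout as datafile.csv (IP in column 2).
sample_csv() {
    cat <<'EOF'
name,ip,bytes
r1,192.0.2.1,100
r2,"198.51.100.7",200
r1,192.0.2.1,50
x1,n/a,0
x2,300.1.1.1,0
x3,,0
r3,203.0.113.9,10
EOF
}

# Default resolver: the same dig call as the one-liner, with the address quoted.
resolve_ptr() { dig -x "$1" +short; }

# stdin: CSV with a header line. stdout: unique, well-formed IPv4 addresses
# from column 2, so only address-shaped text is ever passed on to dig.
extract_ips() {
    tail -n +2 | cut -d ',' -f2 | tr -d '"\r ' |
    awk -F. '
        NF == 4 && /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            for (i = 1; i <= 4; i++) if ($i > 255) next
            if (!seen[$0]++) print
        }'
}

# stdin: same CSV. stdout: "ip name[,name...]" per unique address, "-" when
# no PTR record comes back. Set RESOLVER to swap dig for another command.
reverse_listing() {
    extract_ips | while read -r ip; do
        name=$("${RESOLVER:-resolve_ptr}" "$ip" </dev/null | paste -sd, -)
        printf '%s %s\n' "$ip" "${name:--}"
    done
}

# Offline demo: show which addresses would be looked up.
sample_csv | extract_ips
```

For the real listing, run reverse_listing < datafile.csv.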





Written by moozing

November 18, 2014 at 12:00

Posted in Tech


One Response


  1. […] We combine tstat with mergecap as I described in an earlier post. […]
