redirect output of editcap to tcpdump -

-

i want filter first 100 packets inside pcap file , show result on stdout. filtering first 100 packet used below command:

editcap -r test.pcap output.pcap 1-100

for showing result , filtering packet further purpose want used tcpdump.

tcpdump -tttt tcp , host ip 192.168.1.1 -r inputfile.pcap

i want redirect output of editcap tcpdump, this:

editcap -r test.pcap - | tcpdump -tttt tcp , host ip 192.168.1.1 -r -

but in command couldnt filter first 100 packets. possible so?? if not possible rediredt output of editcap ram , tcpdump read ram ??

thanks in advanced.

p.s way, don't want use below command, because command read packet inside file. need command read packets inside pcap file , shows finished job.

tshark -r ~/test1.pcap  -r "frame.number<20 , frame.number>10"

but in command couldnt filter first 100 packets

i.e., don't see packets?

try doing

editcap -f pcap -r test.pcap - 1-100 | tcpdump -tttt tcp , host ip 192.168.1.1 -r -

as editcap might writing out pcap-ng file , there bug in versions of libpcap when reading pcap-ng files causes filtering in tcpdump not work.


Comments

Post a Comment

Popular posts from this blog

python - Healpy: From Data to Healpix map -

-
Image
i have data grid rows represent theta (0, pi) , columns represent phi (0, 2*pi) , f(theta,phi) density of dark matter @ location. wanted calculate power spectrum , have decided use healpy. what can not understand how format data healpy use. if provide code (in python obvious reasons) or point me tutorial, great! have tried hand @ doing following code: #grid dimensions nrows*ncols (subject change) theta = np.linspace(0, np.pi, num=grid.shape[0])[:, none] phi = np.linspace(0, 2*np.pi, num=grid.shape[1]) nside = 512 print "pixel area: %.2f square degrees" % hp.nside2pixarea(nside, degrees=true) pix = hp.ang2pix(nside, theta, phi) healpix_map = np.zeros(hp.nside2npix(nside), dtype=np.double) healpix_map[pix] = grid but, when try execute code power spectrum. specifically, : cl = hp.anafast(healpix_map[pix], lmax=1024) i error: typeerror: bad number of pixels if point me tutorial or edit code great. more specifications: data in 2d np array , can change numrows/
Read more

c - Bitwise operation with (signed) enum value -

-
i using enumerator values flags: typedef enum { = 0x00, b = 0x01u, // u has no influence, expected c = 0x02u, // u has no influence, expected ... } enum_name; volatile unsigned char* reg = someaddress; *reg |= b; according misra-c:2004 bitwise operations shall not done signed type. unfortunately, compiler iar use signed int (or short or char) underlying type of enums, , option can find relates size, not signedness ("--enum-is-int"). according iar c/c++ development guide arm , pages 169 , 211, can define type of enum s if enable iar language extensions ( -e command-line option, or project > options > c/c++ compiler > language > allow iar extensions in ide). in particular, should define "sentinel" value, make sure compiler chooses correct type. prefers signed types, , uses smallest possible integer type, sentinel should largest positive integer corresponding unsigned integer type can describe. example, typedef enum
Read more

xslt - Unnest parent nodes by child node -

-
in xml there items 0-n attributes , item should copied each attribute new item 1 attribute. given xml this: <?xml version="1.0" encoding="utf-8" ?> <items> <item> <name>a</name> <attributes> <attribute> <key>attribute1</key> <value>1</value> </attribute> </attributes> </item> <item> <name>b</name> </item> <item> <name>c</name> <attributes> <attribute> <key>attribute1</key> <value>5</value> </attribute> <attribute> <key>attribute2</key> <value>2</value> </attribute> <attribute> <key>attri
Read more