Fsdb::Filter::tcpdump_to_db(3)  User Contributed Perl Documentation  Fsdb::Filter::tcpdump_to_db(3)

NAME

       tcpdump_to_db - convert tcpdump textual output to fsdb

SYNOPSIS

           tcpdump_to_db [-T] < source.tcpdump > target.fsdb

DESCRIPTION

       Converts a tcpdump textual data stream to Fsdb format.

       Currently it handles only TCP and silently fails on other traffic!
       Awaiting enhancement... you're welcome to help.

OPTIONS

       -t or --daytime
           Adjust times relative to the first timestamp.  (Defaults on.)

       This module also supports the standard fsdb options:

       -d  Enable debugging output.

       -i or --input InputSource
           Read from InputSource, typically a file name, or "-" for standard
           input, or (if in Perl) an IO::Handle, Fsdb::IO or Fsdb::BoundedQueue
           object.

       -o or --output OutputDestination
           Write to OutputDestination, typically a file name, or "-" for
           standard output, or (if in Perl) an IO::Handle, Fsdb::IO or
           Fsdb::BoundedQueue object.

       --autorun or --noautorun
           By default, programs process automatically, but Fsdb::Filter
           objects in Perl do not run until you invoke the run() method.  The
           "--(no)autorun" option controls that behavior within Perl.

       --help
           Show help.

       --man
           Show full manual.

SAMPLE USAGE

   Input:
           14:11:12.556781 dash.isi.edu.1023 > excalibur.usc.edu.ssh: S 2306448962:2306448962(0) win 32120 <mss 1460,sackOK,timestamp 82802652[|tcp]> (DF)
           14:11:12.561734 excalibur.usc.edu.ssh > dash.isi.edu.1023: S 1968320001:1968320001(0) ack 2306448963 win 4096
           14:11:12.561875 dash.isi.edu.1023 > excalibur.usc.edu.ssh: . ack 1 win 32120 (DF)
           14:11:18.746567 excalibur.usc.edu.ssh > dash.isi.edu.1023: P 316:328(12) ack 348 win 4096
           14:11:18.755176 dash.isi.edu.1023 > excalibur.usc.edu.ssh: P 348:488(140) ack 328 win 32696 (DF) [tos 0x10]
           14:11:18.847937 excalibur.usc.edu.ssh > dash.isi.edu.1023: P 328:468(140) ack 488 win 4096
           14:11:18.860047 dash.isi.edu.1023 > excalibur.usc.edu.ssh: . ack 468 win 32696 (DF) [tos 0x10]
           14:11:18.936255 dash.isi.edu.1023 > excalibur.usc.edu.ssh: P 488:516(28) ack 468 win 32696 (DF) [tos 0x10]

       or a more modern form

           17:00:14.808855 IP 10.0.0.172.31738 > 10.1.0.50.telnet: Flags [S], seq 3236187954, win 21463, length 0

   Command:
           tcpdump_to_db

   Output:
           #fsdb time proto src dest flags start end len ack win
           51072.556781 tcp dash.isi.edu.1023 excalibur.usc.edu.ssh S 2306448962 2306448962 0 - 32120
           51072.561734 tcp excalibur.usc.edu.ssh dash.isi.edu.1023 S 1968320001 1968320001 0 2306448963 4096
           51072.561875 tcp dash.isi.edu.1023 excalibur.usc.edu.ssh . - - - 1 32120
           51078.746567 tcp excalibur.usc.edu.ssh dash.isi.edu.1023 P 316 328 12 348 4096
           51078.755176 tcp dash.isi.edu.1023 excalibur.usc.edu.ssh P 348 488 140 328 32696
           51078.847937 tcp excalibur.usc.edu.ssh dash.isi.edu.1023 P 328 468 140 488 4096
           51078.860047 tcp dash.isi.edu.1023 excalibur.usc.edu.ssh . - - - 468 32696
           51078.936255 tcp dash.isi.edu.1023 excalibur.usc.edu.ssh P 488 516 28 468 32696
           #  | tcpdump_to_db
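
An added example, not part of the Fsdb distribution or its Perl code: a Python sketch of the conversion shown above that also returns every line it could not convert, because the DESCRIPTION notes that non-TCP traffic fails silently. The regexes, the function names and the column mapping for the modern form (a bare "seq N" giving start == end) are assumptions.

```python
import re

# Legacy TCP line: "h:mm:ss.frac src > dst: FLAGS [start:end(len)] [ack N] [win N]"
LEGACY = re.compile(
    r"^(\d+):(\d+):(\d+)(\.\d+)? (\S+) > (\S+): ([SFPRWE.]+)(?=\s|$)"
    r"(?: (\d+):(\d+)\((\d+)\))?(?: ack (\d+))?(?: win (\d+))?")
# Modern TCP line: "h:mm:ss.frac IP src > dst: Flags [..], seq .., win .., length .."
MODERN = re.compile(r"^(\d+):(\d+):(\d+)(\.\d+)? IP6? (\S+) > (\S+): Flags \[([^\]]*)\](.*)")

def daytime(h, m, s, frac):
    """Seconds since midnight; the fraction stays text so no float rounding occurs."""
    return f"{int(h) * 3600 + int(m) * 60 + int(s)}{frac or ''}"

def field(rest, name):  # find 'name N' or 'name N:M' in the modern comma-separated tail
    m = re.search(rf"\b{name} (\d+)(?::(\d+))?", rest)
    return m.groups() if m else (None, None)

def convert(lines):
    """Return (rows, skipped): rows for TCP lines, (lineno, text) for the rest."""
    rows, skipped = [], []
    for n, line in enumerate(lines, 1):
        line = line.strip()
        if not line:
            continue
        if m := MODERN.match(line):
            h, mi, s, fr, src, dst, flags, rest = m.groups()
            start, end = field(rest, "seq")
            end = end or start  # assumption: bare "seq N" means start == end
            length, ack, win = (field(rest, k)[0] for k in ("length", "ack", "win"))
        elif m := LEGACY.match(line):
            h, mi, s, fr, src, dst, flags, start, end, length, ack, win = m.groups()
        else:
            skipped.append((n, line))  # non-TCP or unparsable: report, never drop
            continue
        cols = [daytime(h, mi, s, fr), "tcp", src, dst, flags, start, end, length, ack, win]
        rows.append(" ".join(c if c is not None else "-" for c in cols))
    return rows, skipped

# The two TCP lines are from the page's sample; the UDP and ARP lines are constructed.
SAMPLE = """\
14:11:12.556781 dash.isi.edu.1023 > excalibur.usc.edu.ssh: S 2306448962:2306448962(0) win 32120 <mss 1460,sackOK,timestamp 82802652[|tcp]> (DF)
17:00:14.808855 IP 10.0.0.172.31738 > 10.1.0.50.telnet: Flags [S], seq 3236187954, win 21463, length 0
17:00:15.000001 IP 10.0.0.172.5353 > 224.0.0.251.5353: UDP, length 45
17:00:15.100000 ARP, Request who-has 10.0.0.1 tell 10.0.0.172, length 28
""".splitlines()

if __name__ == "__main__":
    rows, skipped = convert(SAMPLE)
    print(*rows, f"# not converted: {skipped}", sep="\n")
```

Comparing the number of skipped lines against the capture's packet count before analysing the fsdb output shows how much traffic the TCP-only view omits.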

SEE ALSO

       Fsdb.

CLASS FUNCTIONS

   new
           $filter = new Fsdb::Filter::tcpdump_to_db(@arguments);

       Create a new tcpdump_to_db object, taking command-line arguments.

   set_defaults
           $filter->set_defaults();

       Internal: set up defaults.

   parse_options
           $filter->parse_options(@ARGV);

       Internal: parse command-line arguments.

   setup
           $filter->setup();

       Internal: setup, parse headers.

   _conv_time
           $daytime = $self->_conv_time($raw);

       Convert tcpdump h:mm:ss.SS format to absolute seconds.

   run
           $filter->run();

       Internal: run over each row.

       Copyright (C) 1991-2018 by John Heidemann <johnh@isi.edu>

       This program is distributed under terms of the GNU general public
       license, version 2.  See the file COPYING with the distribution for
       details.

perl v5.30.0                      2019-09-19    Fsdb::Filter::tcpdump_to_db(3)