Fsdb::Filter::tcpdump_to_db(3)   User Contributed Perl Documentation   Fsdb::Filter::tcpdump_to_db(3)

NAME
    tcpdump_to_db - convert tcpdump textual output to fsdb

SYNOPSIS
    tcpdump_to_db [-T] < source.tcpdump > target.fsdb

DESCRIPTION
    Converts a tcpdump textual data stream to Fsdb format.
    Currently it handles only TCP and silently drops lines for any other
    traffic, so a capture with mixed protocols converts without any error
    being reported. Awaiting enhancement... you're welcome to help.

OPTIONS
    -t or --daytime
        Adjust times relative to the first timestamp. (Defaults on.)

    This module also supports the standard fsdb options:

    -d  Enable debugging output.

    -i or --input InputSource
        Read from InputSource, typically a file name, or "-" for standard
        input, or (if in Perl) an IO::Handle, Fsdb::IO or Fsdb::BoundedQueue
        object.

    -o or --output OutputDestination
        Write to OutputDestination, typically a file name, or "-" for
        standard output, or (if in Perl) an IO::Handle, Fsdb::IO or
        Fsdb::BoundedQueue object.

    --autorun or --noautorun
        By default, programs process automatically, but Fsdb::Filter
        objects in Perl do not run until you invoke the run() method. The
        "--(no)autorun" option controls that behavior within Perl.

    --help
        Show help.

    --man
        Show full manual.

SAMPLE USAGE
    Input:

    14:11:12.556781 dash.isi.edu.1023 > excalibur.usc.edu.ssh: S 2306448962:2306448962(0) win 32120 <mss 1460,sackOK,timestamp 82802652[|tcp]> (DF)
    14:11:12.561734 excalibur.usc.edu.ssh > dash.isi.edu.1023: S 1968320001:1968320001(0) ack 2306448963 win 4096
    14:11:12.561875 dash.isi.edu.1023 > excalibur.usc.edu.ssh: . ack 1 win 32120 (DF)
    14:11:18.746567 excalibur.usc.edu.ssh > dash.isi.edu.1023: P 316:328(12) ack 348 win 4096
    14:11:18.755176 dash.isi.edu.1023 > excalibur.usc.edu.ssh: P 348:488(140) ack 328 win 32696 (DF) [tos 0x10]
    14:11:18.847937 excalibur.usc.edu.ssh > dash.isi.edu.1023: P 328:468(140) ack 488 win 4096
    14:11:18.860047 dash.isi.edu.1023 > excalibur.usc.edu.ssh: . ack 468 win 32696 (DF) [tos 0x10]
    14:11:18.936255 dash.isi.edu.1023 > excalibur.usc.edu.ssh: P 488:516(28) ack 468 win 32696 (DF) [tos 0x10]

    or a more modern form:

    17:00:14.808855 IP 10.0.0.172.31738 > 10.1.0.50.telnet: Flags [S], seq 3236187954, win 21463, length 0

    Command:

    tcpdump_to_db

    Output:

    #fsdb time proto src dest flags start end len ack win
    51072.556781 tcp dash.isi.edu.1023 excalibur.usc.edu.ssh S 2306448962 2306448962 0 - 32120
    51072.561734 tcp excalibur.usc.edu.ssh dash.isi.edu.1023 S 1968320001 1968320001 0 2306448963 4096
    51072.561875 tcp dash.isi.edu.1023 excalibur.usc.edu.ssh . - - - 1 32120
    51078.746567 tcp excalibur.usc.edu.ssh dash.isi.edu.1023 P 316 328 12 348 4096
    51078.755176 tcp dash.isi.edu.1023 excalibur.usc.edu.ssh P 348 488 140 328 32696
    51078.847937 tcp excalibur.usc.edu.ssh dash.isi.edu.1023 P 328 468 140 488 4096
    51078.860047 tcp dash.isi.edu.1023 excalibur.usc.edu.ssh . - - - 468 32696
    51078.936255 tcp dash.isi.edu.1023 excalibur.usc.edu.ssh P 488 516 28 468 32696
    # | tcpdump_to_db

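    The following Python script is an added example and is not part of the
    Fsdb distribution. It reproduces the conversion shown above for the
    classic tcpdump format (the timestamp becomes seconds since midnight,
    matching the sample output) and, as an extension, also accepts the
    modern "IP ... Flags [S], seq ..." form. The modern mapping (a bare
    "seq N" gives start = end, the flags string is copied as printed) and
    the constructed DNS-over-UDP sample line are assumptions of this
    example. Unlike the filter, which drops non-TCP lines silently, it
    returns the skipped lines so a caller can tell when a capture was only
    partly converted.

```python
import re
import sys

# Column layout of the tcpdump_to_db output, as shown in SAMPLE USAGE.
COLUMNS = ["time", "proto", "src", "dest", "flags", "start", "end", "len", "ack", "win"]

# Classic tcpdump TCP line:
#   14:11:12.556781 src.1023 > dst.ssh: S 2306448962:2306448962(0) win 32120 ...
CLASSIC_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+"
    r"(?P<src>\S+)\s+>\s+(?P<dest>\S+):\s+"
    r"(?P<flags>[SFPRU.]+)\s+"
    r"(?:(?P<start>\d+):(?P<end>\d+)\((?P<len>\d+)\)\s+)?"
    r"(?:ack\s+(?P<ack>\d+)\s+)?"
    r"win\s+(?P<win>\d+)"
)

# Modern tcpdump TCP line (layout assumed from the single sample above):
#   17:00:14.808855 IP src.31738 > dst.telnet: Flags [S], seq 3236187954, win 21463, length 0
MODERN_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+IP6?\s+"
    r"(?P<src>\S+)\s+>\s+(?P<dest>\S+):\s+"
    r"Flags\s+\[(?P<flags>[^\]]+)\],"
    r"(?:\s+seq\s+(?P<start>\d+)(?::(?P<end>\d+))?,)?"
    r"(?:\s+ack\s+(?P<ack>\d+),)?"
    r"\s+win\s+(?P<win>\d+),"
    r".*?length\s+(?P<len>\d+)"
)


def conv_time(raw):
    """Convert hh:mm:ss.ffffff to seconds since midnight, keeping the
    fractional digits exactly as printed (14:11:12.556781 -> 51072.556781)."""
    hh, mm, ss = raw.split(":")
    secs, frac = ss.split(".")
    return f"{int(hh) * 3600 + int(mm) * 60 + int(secs)}.{frac}"


def parse_line(line):
    """Return the fsdb fields for one TCP line, or None if the line is not
    a TCP record in either format (exactly the lines the filter drops)."""
    for rx in (CLASSIC_RE, MODERN_RE):
        m = rx.match(line)
        if not m:
            continue
        d = m.groupdict()
        start = d["start"] or "-"
        return {
            "time": conv_time(d["time"]),
            "proto": "tcp",
            "src": d["src"],
            "dest": d["dest"],
            "flags": d["flags"],
            "start": start,
            # Assumption: a bare "seq N" is a zero-length segment, so end == start.
            "end": d["end"] or start,
            "len": d["len"] or "-",
            "ack": d["ack"] or "-",
            "win": d["win"],
        }
    return None


def tcpdump_to_db(lines):
    """Convert tcpdump text lines to fsdb lines.  Returns (fsdb_lines, skipped);
    skipped holds every non-empty input line that did not parse as TCP, so the
    caller can see how much of the capture was left out."""
    out = ["#fsdb " + " ".join(COLUMNS)]
    skipped = []
    for line in lines:
        line = line.rstrip("\n")
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            skipped.append(line)
            continue
        out.append(" ".join(rec[c] for c in COLUMNS))
    out.append("# | tcpdump_to_db")
    return out, skipped


# Sample input: four classic lines and the modern line copied from the man
# page above, plus one constructed DNS-over-UDP line to exercise the skip path.
SAMPLE_CLASSIC = [
    "14:11:12.556781 dash.isi.edu.1023 > excalibur.usc.edu.ssh: S 2306448962:2306448962(0) win 32120 <mss 1460,sackOK,timestamp 82802652[|tcp]> (DF)",
    "14:11:12.561734 excalibur.usc.edu.ssh > dash.isi.edu.1023: S 1968320001:1968320001(0) ack 2306448963 win 4096",
    "14:11:12.561875 dash.isi.edu.1023 > excalibur.usc.edu.ssh: . ack 1 win 32120 (DF)",
    "14:11:18.746567 excalibur.usc.edu.ssh > dash.isi.edu.1023: P 316:328(12) ack 348 win 4096",
]
SAMPLE_MODERN = "17:00:14.808855 IP 10.0.0.172.31738 > 10.1.0.50.telnet: Flags [S], seq 3236187954, win 21463, length 0"
SAMPLE_UDP = "14:11:20.000000 IP 10.0.0.172.5353 > 10.1.0.50.domain: 12345+ A? example.com. (29)"  # constructed

if __name__ == "__main__":
    rows, skipped = tcpdump_to_db(SAMPLE_CLASSIC + [SAMPLE_MODERN, SAMPLE_UDP])
    print("\n".join(rows))
    print(f"skipped {len(skipped)} non-TCP line(s)", file=sys.stderr)
```

    Run stand-alone it prints the fsdb table for the five TCP lines and
    reports the one skipped UDP line on stderr; feeding real tcpdump output
    through sys.stdin instead of the sample list is a one-line change.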
SEE ALSO
    Fsdb.

CLASS FUNCTIONS
    new
        $filter = new Fsdb::Filter::tcpdump_to_db(@arguments);

        Create a new tcpdump_to_db object, taking command-line arguments.

    set_defaults
        $filter->set_defaults();

        Internal: set up defaults.

    parse_options
        $filter->parse_options(@ARGV);

        Internal: parse command-line arguments.

    setup
        $filter->setup();

        Internal: setup, parse headers.

    _conv_time
        $daytime = $self->_conv_time($raw);

        Convert tcpdump h:mm:ss.SS format to absolute seconds.

    run
        $filter->run();

        Internal: run over each row.

AUTHOR and COPYRIGHT
    Copyright (C) 1991-2018 by John Heidemann <johnh@isi.edu>

    This program is distributed under terms of the GNU general public
    license, version 2. See the file COPYING with the distribution for
    details.

perl v5.38.0                      2023-07-20              Fsdb::Filter::tcpdump_to_db(3)