filter pcap files

05-19-2005, 08:28 PM

I'm trying to figure out a way to use a console program to filter through
pcap files. I want to take a pcap dump of wireless activity and filter only
by the access point (BSSID). I can open the file in ethereal and filter it
that way, but is there a way to use tcpdump -r or tcpslice to do the same
thing? "tcpdump -r file -e | grep bssid" shows me the human readable
output, but i'd like to get this into another pcap file if possible. if
not, is there another tool that can achieve this? I'd like to use a console
program because ethereal craps out on large files, and i'd like to use
scripting to automate this

Thanks for any suggestions!

05-20-2005, 01:20 AM

> I'd like to use a console
> program because ethereal craps out on large files, and i'd like to use
> scripting to automate this

Try tethereal. It's command line and can do read/filter/write.

05-20-2005, 02:38 AM

"Allen McIntosh" <(E-Mail Removed)> wrote in message
news:KXaje.23178$(E-Mail Removed)...
>> I'd like to use a console program because ethereal craps out on large
>> files, and i'd like to use scripting to automate this
>
> Try tethereal. It's command line and can do read/filter/write.

That's exactly what i needed. thanks

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Pcap and packets	lancer6238@yahoo.com	Linux Networking	0	11-10-2008 05:42 AM
filtering out unique IPs from pcap file	AA	Linux Networking	1	08-24-2006 12:14 AM
blocking packets which come we get from pcap application	tapankulkarni@gmail.com	Linux Networking	2	02-27-2006 03:39 AM
Win Pcap will it cause network problems?	Eric	Home Networking	1	02-07-2006 10:00 AM
pcap file help	jly	Linux Networking	1	05-27-2004 11:27 PM