DragonFly On-Line Manual Pages

Search: Section:  

rwpcut(1)                       SiLK Tool Suite                      rwpcut(1)


NAME

       rwpcut - Outputs a tcpdump dump file as ASCII


SYNOPSIS

         rwpcut [--columnar]
                [--delimiter=DELIMITER]
                [--epoch-time]
                [--fields=PRINT_FIELDS]
                [--integer-ips]
                [--zero-pad-ips]
                FILE...


DESCRIPTION

       rwpcut outputs tcpdump files in an easy to parse way.  It supports a
       user-defined list of fields to output and a user-defined delimiter
       between columns.


OPTIONS

       Option names may be abbreviated if the abbreviation is unique or is an
       exact match for an option.

       OUTPUT SWITCHES

       --columnar
           Pad each field with whitespace so that it always takes up the same
           number of columns.  The two payload printing fields, payhex and
           payascii, never pad with whitespace.

       --delimiter=DELIMITER
           DELIMITER is used as the delimiter between columns instead of the
           default '|'.

       --epoch-time
           Display the timestamp as epoch time seconds instead of a formatted
           timestamp.

       --fields=PRINT_FIELDS
           PRINT_FIELDS is a comma-separated list of fields to include in the
           output.  The available fields are:

           timestamp - packet timestamp sip       - source IP address.  dip
           - destination IP address sport     - source port dport     -
           destination port proto     - IP protocol payhex    - Payload
           printed as a hex stream payascii  - Payload printed as an ascii
           stream.  Non-printing characters are represented with periods.

       --integer-ips
           Display IP addresses as integers instead of in dotted quad
           notation.

       --zero-pad-ips
           Pad dotted quad notation IP addresses so that each quad occupies
           three columns.


EXAMPLES

       In the following examples, the dollar sign ("$") represents the shell
       prompt.  The text after the dollar sign represents the command line.

        $ rwpcut --fields=sip,dip,sport,dport,proto --columnar data.dmp

                       sip|            dip|sport|dport|proto|
           220.245.221.126|  192.168.1.100|21776| 6882|    6|
           220.245.221.126|  192.168.1.100|21776| 6882|    6|

        $ rwpcut --fields=timestamp,payhex data.dmp

       (Carriage returns mid-payload added for legibility)

           timestamp|payhex|
           2005-04-20 04:28:59.091470|4500003cd85840003206f3e2dcf5dd7
           ec0a8016455101ae2811b6bce00000000a002ffff59990000020405ac0
           10303000101080a524dc5cc00000000|
           2005-04-20 04:29:02.057390|4500003cd88c40003206f3aedcf5dd7
           ec0a8016455101ae2811b6bce00000000a002ffff59930000020405ac0
           10303000101080a524dc5d200000000|


SEE ALSO

       rrwwppttooffllooww(1), ssiillkk(7)


BUGS

       Note that payhex and payascii do not whitespace pad themselves if
       --columnar is used.

       The payascii field does not escape the delimiter character in any way,
       so care should be taken when parsing it.

SiLK 3.11.0.1                     2016-02-19                         rwpcut(1)

Search: Section: