GSP
Quick Navigator
Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
rwpcut(1) SiLK Tool Suite rwpcut(1)

rwpcut - Outputs a tcpdump dump file as ASCII 

  rwpcut [--columnar]
         [--delimiter=DELIMITER]
         [--epoch-time]
         [--fields=PRINT_FIELDS]
         [--integer-ips]
         [--zero-pad-ips]
         FILE...

rwpcut outputs tcpdump files in an easy to parse way. It supports a user-defined list of fields to output and a user-defined delimiter between columns.

Option names may be abbreviated if the abbreviation is unique or is an exact match for an option.

OUTPUT SWITCHES

--columnar
Pad each field with whitespace so that it always takes up the same number of columns. The two payload printing fields, payhex and payascii, never pad with whitespace.
--delimiter=DELIMITER
DELIMITER is used as the delimiter between columns instead of the default '|'.
--epoch-time
Display the timestamp as epoch time seconds instead of a formatted timestamp.
--fields=PRINT_FIELDS
PRINT_FIELDS is a comma-separated list of fields to include in the output. The available fields are:

timestamp - packet timestamp sip - source IP address. dip - destination IP address sport - source port dport - destination port proto - IP protocol payhex - Payload printed as a hex stream payascii - Payload printed as an ascii stream. Non-printing characters are represented with periods.

--integer-ips
Display IP addresses as integers instead of in dotted quad notation.
--zero-pad-ips
Pad dotted quad notation IP addresses so that each quad occupies three columns.

In the following examples, the dollar sign ("$") represents the shell prompt. The text after the dollar sign represents the command line. 

 $ rwpcut --fields=sip,dip,sport,dport,proto --columnar data.dmp

                sip|            dip|sport|dport|proto|
    220.245.221.126|  192.168.1.100|21776| 6882|    6|
    220.245.221.126|  192.168.1.100|21776| 6882|    6|


 $ rwpcut --fields=timestamp,payhex data.dmp

(Carriage returns mid-payload added for legibility)

    timestamp|payhex|
    2005-04-20 04:28:59.091470|4500003cd85840003206f3e2dcf5dd7
    ec0a8016455101ae2811b6bce00000000a002ffff59990000020405ac0
    10303000101080a524dc5cc00000000|
    2005-04-20 04:29:02.057390|4500003cd88c40003206f3aedcf5dd7
    ec0a8016455101ae2811b6bce00000000a002ffff59930000020405ac0
    10303000101080a524dc5d200000000|

rwptoflow(1), silk(7)

Note that payhex and payascii do not whitespace pad themselves if --columnar is used.

The payascii field does not escape the delimiter character in any way, so care should be taken when parsing it.

2022-04-12 SiLK 3.19.1
Search for    or go to Top of page |  Section 1 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.