September 2009
Beginner
942 pages
85h 34m
English
Content preview from Linux in a Nutshell, 6th EditionBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Name
tcpslice
Synopsis
tcpslice [options] [start[end]]files
System administration command. Reads and manipulates packet capture files created by tcpdump -w. Based on timestamps, extract portions of or merge together files. Display all packets between the given start and end times. tcpslice understands most time and date formats. tcpslice also understands a relative time format specified as a unit of time--e.g., +1h10m to specify the first hour and ten minutes of packets in the specified files. This format is named ymdhmsu after the letters it uses to denote units of time: years, months, days, hours, minutes, seconds, and microseconds. If no constraining dates are specified, the command will print out all packets contained in files.
Options
- -d
Print the start and end time of the specified range, then exit.
- -D
When merging files, don’t discard duplicate packets.
- -l
Merge packets based on the time relative to the start of the file. The default is to merge based on the absolute timestamp.
- -r
Print the time and date of the first and last packet in each file, then exit.
- -R
Print the raw timestamp of the first and last packet in each file, then exit.
- -t
Print times associated with the first and last packet in each file in ymdhmsu format.
- -w file
Write output to file instead of standard output.