Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   44335 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

rwpcut(1)			SiLK Tool Suite			     rwpcut(1)

NAME
       rwpcut - Outputs a tcpdump dump file as ASCII

SYNOPSIS
	 rwpcut [--columnar]
		[--delimiter=DELIMITER]
		[--epoch-time]
		[--fields=PRINT_FIELDS]
		[--integer-ips]
		[--zero-pad-ips]
		FILE...

DESCRIPTION
       rwpcut outputs tcpdump files in an easy to parse way.  It supports a
       user-defined list of fields to output and a user-defined delimiter
       between columns.

OPTIONS
       Option names may be abbreviated if the abbreviation is unique or is an
       exact match for an option.

       OUTPUT SWITCHES

       --columnar
	   Pad each field with whitespace so that it always takes up the same
	   number of columns.  The two payload printing fields, payhex and
	   payascii, never pad with whitespace.

       --delimiter=DELIMITER
	   DELIMITER is used as the delimiter between columns instead of the
	   default '|'.

       --epoch-time
	   Display the timestamp as epoch time seconds instead of a formatted
	   timestamp.

       --fields=PRINT_FIELDS
	   PRINT_FIELDS is a comma-separated list of fields to include in the
	   output.  The available fields are:

	   timestamp - packet timestamp sip	  - source IP address.	dip
	   - destination IP address sport     - source port dport     -
	   destination port proto     - IP protocol payhex    - Payload
	   printed as a hex stream payascii  - Payload printed as an ascii
	   stream.  Non-printing characters are represented with periods.

       --integer-ips
	   Display IP addresses as integers instead of in dotted quad
	   notation.

       --zero-pad-ips
	   Pad dotted quad notation IP addresses so that each quad occupies
	   three columns.

EXAMPLES
       In the following examples, the dollar sign ("$") represents the shell
       prompt.	The text after the dollar sign represents the command line.

	$ rwpcut --fields=sip,dip,sport,dport,proto --columnar data.dmp

		       sip|	       dip|sport|dport|proto|
	   220.245.221.126|  192.168.1.100|21776| 6882|	   6|
	   220.245.221.126|  192.168.1.100|21776| 6882|	   6|

	$ rwpcut --fields=timestamp,payhex data.dmp

       (Carriage returns mid-payload added for legibility)

	   timestamp|payhex|
	   2005-04-20 04:28:59.091470|4500003cd85840003206f3e2dcf5dd7
	   ec0a8016455101ae2811b6bce00000000a002ffff59990000020405ac0
	   10303000101080a524dc5cc00000000|
	   2005-04-20 04:29:02.057390|4500003cd88c40003206f3aedcf5dd7
	   ec0a8016455101ae2811b6bce00000000a002ffff59930000020405ac0
	   10303000101080a524dc5d200000000|

SEE ALSO
       rwptoflow(1), silk(7)

BUGS
       Note that payhex and payascii do not whitespace pad themselves if
       --columnar is used.

       The payascii field does not escape the delimiter character in any way,
       so care should be taken when parsing it.

SiLK 3.11.0.1			  2016-02-19			     rwpcut(1)

Vote for polarhome