Name
tcpslice
Synopsis
tcpslice [options] [start[end]]files
System administration command. Reads and manipulates packet capture files created by tcpdump -w. Based on timestamps, extract portions of or merge together files. Display all packets between the given start and end times. tcpslice understands most time and date formats. tcpslice also understands a relative time format specified as a unit of time--e.g., +1h10m to specify the first hour and ten minutes of packets in the specified files. This format is named ymdhmsu after the letters it uses to denote units of time: years, months, days, hours, minutes, seconds, and microseconds. If no constraining dates are specified, the command will print out all packets contained in files.
Options
- -d
Print the start and end time of the specified range, then exit.
- -D
When merging files, don’t discard duplicate packets.
- -l
Merge packets based on the time relative to the start of the file. The default is to merge based on the absolute timestamp.
- -r
Print the time and date of the first and last packet in each file, then exit.
- -R
Print the raw timestamp of the first and last packet in each file, then exit.
- -t
Print times associated with the first and last packet in each file in ymdhmsu format.
- -w file
Write output to file instead of standard output.
Get Linux in a Nutshell, 6th Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
