Quick and silly indexing (for tshark dumps, but the same technique can be used on other structured files)
Create a textual tshark dump:
tshark -n -V -r koko.pcap > koko.pcap.txt
Index the start of every frame in the textual dump by line number and byte offset (grep -n prints the line number, -b the byte offset):
grep -bn "^Frame " koko.pcap.txt > koko.idx.txt
Search for a specific frame using the index:
grep ":Frame 2291765:" koko.idx.txt
440357304:40366308773:Frame 2291765: 138 bytes on wire (1104 bits), 138 bytes captured (1104 bits)
Open the text dump in less, seeking directly to that byte offset (the second field of the index line):
less -n +"40366308773P" koko.pcap.txt
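The same index can also drive a non-interactive extraction: the sketch below, an added example that is not part of the original post, cuts exactly one frame's block out of the dump using that frame's byte offset and the next frame's offset. The function names and the tiny sample dump are constructed for illustration, and it assumes a head that supports -c (GNU and BSD do).

```shell
#!/bin/sh
# Constructed miniature stand-in for `tshark -n -V` output (not real capture data).
make_sample_dump() {
    cat > "$1" <<'EOF'
Frame 1: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
    Arrival Time: (constructed)
Ethernet II, Src: 00:00:00:00:00:01, Dst: 00:00:00:00:00:02

Frame 2: 138 bytes on wire (1104 bits), 138 bytes captured (1104 bits)
    Arrival Time: (constructed)
Internet Protocol Version 4, Src: 192.0.2.1, Dst: 192.0.2.2

Frame 3: 74 bytes on wire (592 bits), 74 bytes captured (592 bits)
    Arrival Time: (constructed)
EOF
}

# build_index DUMP INDEX: same grep -bn as in the post.
# Each index line is LINE:BYTE:Frame N: ...
build_index() {
    grep -bn '^Frame ' "$1" > "$2"
}

# frame_text DUMP INDEX N: print only frame N's block of the dump.
frame_text() {
    dump=$1 idx=$2 n=$3
    # Field 3 is compared exactly, so frame 2 never matches frame 22.
    # Output: "START END", or just "START" when N is the last indexed frame.
    range=$(awk -F: -v want="Frame $n" '
        found { print start, $2; done = 1; exit }
        $3 == want { start = $2; found = 1 }
        END { if (found && !done) print start }' "$idx")
    [ -n "$range" ] || { echo "frame $n not in index" >&2; return 1; }
    set -- $range
    # grep -b offsets are 0-based, tail -c +K is 1-based.
    if [ -n "$2" ]; then
        tail -c +"$(( $1 + 1 ))" "$dump" | head -c "$(( $2 - $1 ))"
    else
        tail -c +"$(( $1 + 1 ))" "$dump"
    fi
}
```

Usage: build_index koko.pcap.txt koko.idx.txt once, then frame_text koko.pcap.txt koko.idx.txt 2291765 prints that frame's decoded text to stdout.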
 