Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Pcap file handle in tcl
131 views
Skip to first unread message
sambid das
Dec 27, 2018, 2:13:58 PM12/27/18
to
Hi Experts,
Can anyone help me handling a pcap file directly using TCL. I am having a pcap file which contains only the "ftp-data" packets. Using tcl I need to read the pcap file, and calculate total number of packets received.
NB:- I tried convering the pcap file to. txt file using "tshark" command to read it. But I was not able to open the txt file as it is too big to open. So the only way is to handle the pcap file directly using tcl and then calculate the no of packets in that pcap file. Please help me doing this. Its bit urgent for me.
Can anyone help me handling a pcap file directly using TCL. I am having a pcap file which contains only the "ftp-data" packets. Using tcl I need to read the pcap file, and calculate total number of packets received.
NB:- I tried convering the pcap file to. txt file using "tshark" command to read it. But I was not able to open the txt file as it is too big to open. So the only way is to handle the pcap file directly using tcl and then calculate the no of packets in that pcap file. Please help me doing this. Its bit urgent for me.
Rich
Dec 27, 2018, 3:06:02 PM12/27/18
to
sambid das <sambi...@gmail.com> wrote:
> Hi Experts,
>
> Can anyone help me handling a pcap file directly using TCL. I am
> having a pcap file which contains only the "ftp-data" packets. Using
> tcl I need to read the pcap file, and calculate total number of
> packets received.
Consider the tclpcap extension: https://wiki.tcl-lang.org/page/tclpcap+man+page
> Hi Experts,
>
> Can anyone help me handling a pcap file directly using TCL. I am
> having a pcap file which contains only the "ftp-data" packets. Using
> tcl I need to read the pcap file, and calculate total number of
> packets received.
> But I was not able to open the txt file as it is too big to open.
only has 32-bit file offset support and you have a text file of more
than 2G in size).
> So the only way is to handle the pcap file directly using tcl and
> then calculate the no of packets in that pcap file.
chunk is the appropriate size for data contained in the text file).
stefan
Dec 27, 2018, 6:05:14 PM12/27/18
to
> NB:- I tried convering the pcap file to. txt file using "tshark" command to read it. But I was not able to open the txt file as it is too big to open. So the only way is to handle the pcap file directly using tcl and then calculate the no of packets in that pcap file. Please help me doing this. Its bit urgent for me.
I used to convert pcap files into their PDML equivalents using tshark ...
tshark -r /path/to/your.pcap -T pdml > /path/to/your.pdml
... and then processed it using tDOM ...
set fd [open $pdml r]
set doc [dom parse -channel $fd]
catch {close $fd}
$doc selectNodes {count(packet)}
HTH, Stefan
sambid das
Dec 28, 2018, 1:53:45 PM12/28/18
to
Hi Stefan,
Thanks for the solution provided. I tried the same code you suggested, but while running the "TCLSH" application is crashing saying "TCLSH APPLICATION HAS STOPPED WORKING"
Could you please help me on this
Thanks for the solution provided. I tried the same code you suggested, but while running the "TCLSH" application is crashing saying "TCLSH APPLICATION HAS STOPPED WORKING"
Could you please help me on this
stefan
Dec 28, 2018, 5:05:06 PM12/28/18
to
> Thanks for the solution provided.
This was not meant as a drop-in (copy & paste) solution. You will have to fill the blanks.
> I tried the same code you suggested, but while running the "TCLSH" application is crashing saying "TCLSH APPLICATION HAS STOPPED WORKING"
>
> Could you please help me on this
0 new messages