rwpcut(1)			SiLK Tool Suite			     rwpcut(1)

NAME
       rwpcut -	Outputs	a tcpdump dump file as ASCII

SYNOPSIS
	 rwpcut	[--columnar]
		[--delimiter=DELIMITER]
		[--epoch-time]
		[--fields=PRINT_FIELDS]
		[--integer-ips]
		[--zero-pad-ips]
		FILE...

DESCRIPTION
       rwpcut outputs tcpdump files in an easy to parse	way.  It supports a
       user-defined list of fields to output and a user-defined	delimiter
       between columns.

OPTIONS
       Option names may	be abbreviated if the abbreviation is unique or	is an
       exact match for an option.

       OUTPUT SWITCHES

       --columnar
	   Pad each field with whitespace so that it always takes up the same
	   number of columns.  The two payload printing	fields,	payhex and
	   payascii, never pad with whitespace.

       --delimiter=DELIMITER
	   DELIMITER is	used as	the delimiter between columns instead of the
	   default '|'.

       --epoch-time
	   Display the timestamp as epoch time seconds instead of a formatted
	   timestamp.

       --fields=PRINT_FIELDS
	   PRINT_FIELDS	is a comma-separated list of fields to include in the
	   output.  The	available fields are:

	   timestamp - packet timestamp
	   sip       - source IP address.
	   dip       - destination IP address
	   sport     - source port
	   dport     - destination port
	   proto     - IP protocol
	   payhex    - Payload printed as a hex stream
	   payascii  - Payload printed as an ascii stream.  Non-printing
	               characters are represented with periods.

       --integer-ips
	   Display IP addresses	as integers instead of in dotted quad
	   notation.

       --zero-pad-ips
	   Pad dotted quad notation IP addresses so that each quad occupies
	   three columns.

EXAMPLES
       In the following	examples, the dollar sign ("$")	represents the shell
       prompt.	The text after the dollar sign represents the command line.

	$ rwpcut --fields=sip,dip,sport,dport,proto --columnar data.dmp

		       sip|	       dip|sport|dport|proto|
	   220.245.221.126|  192.168.1.100|21776| 6882|	   6|
	   220.245.221.126|  192.168.1.100|21776| 6882|	   6|

	$ rwpcut --fields=timestamp,payhex data.dmp

       (Carriage returns mid-payload added for legibility)

	   timestamp|payhex|
	   2005-04-20 04:28:59.091470|4500003cd85840003206f3e2dcf5dd7
	   ec0a8016455101ae2811b6bce00000000a002ffff59990000020405ac0
	   10303000101080a524dc5cc00000000|
	   2005-04-20 04:29:02.057390|4500003cd88c40003206f3aedcf5dd7
	   ec0a8016455101ae2811b6bce00000000a002ffff59930000020405ac0
	   10303000101080a524dc5d200000000|

SEE ALSO
       rwptoflow(1), silk(7)

BUGS
       Note that payhex	and payascii do	not whitespace pad themselves if
       --columnar is used.

       The payascii field does not escape the delimiter	character in any way,
       so care should be taken when parsing it.
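
       One way to parse rwpcut output without being misled by a delimiter
       inside payascii, as an added example that is not part of SiLK or of
       this manual page; parse_rwpcut, SAMPLE and demo are hypothetical names.
       It assumes non-columnar output, payascii requested as the last field,
       a trailing delimiter on every row as in EXAMPLES, and (an assumption)
       that payhex and payascii cover the same bytes.

```python
import io

def parse_rwpcut(stream, delimiter="|"):
    """Yield one dict per data row of non-columnar rwpcut output."""
    names = [n.strip() for n in stream.readline().rstrip("\n").split(delimiter)]
    if names and names[-1] == "":
        names.pop()                      # header row ends with the delimiter
    if not names:
        raise ValueError("missing header row")
    if "payascii" in names[:-1]:
        # Only the last column can safely contain unescaped delimiters.
        raise ValueError("request payascii as the last field")
    for lineno, line in enumerate(stream, start=2):
        line = line.rstrip("\n")
        if not line:
            continue
        if line.endswith(delimiter):
            line = line[: -len(delimiter)]   # strip only the row terminator
        # Split a fixed number of times; extra delimiters stay in the last field.
        parts = line.split(delimiter, len(names) - 1)
        if len(parts) != len(names):
            raise ValueError(f"line {lineno}: expected {len(names)} fields")
        rec = dict(zip(names, parts))
        # Assumption: both payload fields print the same bytes, so the hex
        # stream is exactly twice as long as the ASCII stream.
        if "payhex" in rec and "payascii" in rec:
            if len(rec["payhex"]) != 2 * len(rec["payascii"]):
                raise ValueError(f"line {lineno}: payascii/payhex mismatch")
        yield rec

def _row(sip, dport, payload):
    # Build a constructed sample row: non-printing bytes become periods.
    text = "".join(chr(b) if 32 <= b < 127 else "." for b in payload)
    return f"{sip}|{dport}|{payload.hex()}|{text}|\n"

# Constructed sample (not real capture data); both payloads contain '|'.
SAMPLE = ("sip|dport|payhex|payascii|\n"
          + _row("192.0.2.10", 80, b"GET /a|b HTTP/1.0\r\n")
          + _row("192.0.2.11", 25, b"pipe at end|"))

def demo():
    return list(parse_rwpcut(io.StringIO(SAMPLE)))

if __name__ == "__main__":
    for rec in demo():
        print(rec)
```

       When the exact payload bytes matter, decode payhex and treat payascii
       as a display aid only.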

SiLK 3.19.1			  2020-08-27			     rwpcut(1)
