Changes between Version 16 and Version 17 of ToolTricks


Timestamp:
07/28/10 14:14:13 (10 years ago)
Author:
salcock
Comment:

Update tool tricks page

  • ToolTricks

    v16 v17  
    44
    55== Things all tools can do ==
    6 All tools can read off a network with {{{int:}}}/{{{bpf:}}}/{{{pcapint:}}}/{{{dag:}}}, or from stdin with {{{pcapfile:-}}}/{{{pcap:-}}}/{{{erf:-}}}/{{{legacypos:-}}}/{{{legacyatm:-}}}/{{{legacyeth:-}}}.
     6All tools can read off a network with the following formats:
     7{{{
     8  int:
     9  bpf:
     10  pcapint:
     11  dag:
     12}}}
    713
    8 All tools can write to a network with {{{int:}}}/{{{pcapint:}}}, or to standard out with {{{pcapfile:-}}}/{{{pcap:-}}}
     14The tools can also read from stdin using the following URIs:
     15{{{
     16  pcapfile:-
     17  pcap:-
     18  erf:-
     19  legacypos:-
     20  legacyatm:-
     21  legacyeth:-
     22}}}
     23
     24All tools can write to a network with {{{int:}}} or {{{pcapint:}}}, or to standard out with {{{pcapfile:-}}}, {{{pcap:-}}} or {{{erf:-}}}
    925
    1026== Investigate what is in a trace ==
    1127{{{
    12  tracepktdump erf:trace.erf
     28 tracepktdump erf:trace.erf   
    1329}}}
     30
     31NOTE: You probably want to pipe the output through a tool like {{{less}}} for any non-trivial trace.
    1432
    1533== Get some stats about a interface/trace ==
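
Review bot: The replacement command on new line 28 drops to a single leading space and gains trailing whitespace, while the other examples on the page (for instance "  tracertstats int:eth0" on line 35) use two leading spaces; keep the two-space indent and strip the trailing spaces so the blocks stay consistent. Two smaller points in the same hunk: the rewritten sentence on new line 24 ends without a period, and the plain "NOTE:" on new line 31 does not match the bold '''NOTE:''' introduced on new line 93.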
     
    1735  tracertstats int:eth0
    1836}}}
    19 substitute {{{int:eth0}}} for {{{pcapfile:trace.gz}}} to produce stats on a trace.
     37
     38Substitute {{{int:eth0}}} for {{{pcapfile:trace.gz}}} to produce stats on a trace.
    2039
    2140== Get more detailed stats on a trace ==
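
Review bot: On new line 38 the operands read the wrong way round. "Substitute {{{int:eth0}}} for {{{pcapfile:trace.gz}}}" tells the reader to put the interface URI in place of the trace URI, but the sentence ends "to produce stats on a trace" and the example above it already uses {{{int:eth0}}}, so the intent is the opposite. The change only capitalises the sentence carried over from old line 19; suggest "Replace {{{int:eth0}}} with {{{pcapfile:trace.gz}}} to produce stats on a trace." The sentence on new line 67 uses the same verb in the correct direction, so the two would then agree.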
     
    2544  tracertstats pcapfile:foo.pcap.gz
    2645}}}
     46
    2747Note that {{{tracereport}}}/{{{tracesummary}}} waits for its input to complete, since an interface never completes it won't ever finish tallying results.
    2848
     
    4464 traceconvert int:eth0 pcapfile:foo.pcap.gz
    4565}}}
    46 Substitute {{{pcapint:}}} for {{{int:}}} if your not on Linux.
     66
     67Substitute {{{pcapint:}}} for {{{int:}}} if you are not using Linux.
    4768
    4869To capture with a filter:
     
    5677}}}
    5778
    58 This isn't smart enough to do snapping, or anything an advanced capture suite would do.  If you need more advanced capturing software use wdcap.
     79This isn't smart enough to do snapping, or anything an advanced capture suite would do.  If you need more advanced capturing software use [http://research.wand.net.nz/software/wdcap wdcap].
    5980
    6081== To replay a trace ==
     
    7091}}}
    7192
    72 Doing decompression in a seperate thread is likely to be added to some later release of libtrace.
     93'''NOTE:''' Libtrace now natively supports threaded IO in 3.0.7, so this is no longer necessary!
    7394
    7495== 1:1 NAT from one IP range to another ==
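
Review bot: On new line 93, "this is no longer necessary" has no clear referent, and the replacement drops the word "decompression" that old line 72 used to explain what the preceding commands work around. The commands in the block closing on line 91 stay on the page, so readers on a libtrace release older than 3.0.7 still need them; suggest stating the condition explicitly, for example "As of libtrace 3.0.7, threaded IO (including decompression) is built in, so the commands above are only needed with older versions." Wording it by version rather than "now" also keeps the note accurate as the page ages.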