I have been trying to use tethereal 8.2.0 to output windump-collected data in a
format that is easily analyzed by a program. What I would really like is
something that is essentially (order could be different):
date-time protocol src_ip src_port -> dest_ip dest_port extra_stuff_ok_here
Where protocol would be: TCP, UDP, ICMP
But I can't figure how to stop it from doing this, even with the -n option:
2001-10-16 18:41:02.4086 x -> y NBSS Session request
2001-10-16 18:41:02.4091 x -> y NBSS Positive session response
2001-10-16 18:41:02.4095 x -> y SMB SMBnegprot Request
This way I don't even know if these are UDP or TCP unless I can figure out what
your coding scheme was, and it has lost the information of the source ports. For
my purposes I don't care what the protocol might be exactly. Certainly that is
very valuable information, but not for this particular program.
So that's what I want; is there any way to get it? I couldn't get windump to do
what I wanted either, and in particular it will not output dates, which I also
really need. Thanks!
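The post asks for one line per packet carrying date-time, transport protocol, addresses and ports. The following is an added example, not the poster's code and not part of tethereal or windump: it reads a classic libpcap file (the format `windump -w` writes), walks the IPv4 header to the transport header, and emits exactly the requested layout, reporting ICMP type/code where there are no ports. The three-packet capture it parses is constructed inline; the pcap header layout and the Ethernet/IPv4/TCP/UDP/ICMP field offsets are the standard ones, and pcapng or non-Ethernet captures are rejected rather than misread.

```python
import struct
from datetime import datetime, timezone

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}

def format_packet(ts_sec, ts_usec, pkt):
    """One Ethernet/IPv4 frame -> 'date-time proto src_ip src_port -> dst_ip dst_port extra'."""
    if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
        return None                                   # not IPv4: skip it
    ihl = (pkt[14] & 0x0F) * 4                        # IP header length; L4 header follows it
    proto, l4 = pkt[23], pkt[14 + ihl:]
    src, dst = (".".join(map(str, pkt[i:i + 4])) for i in (26, 30))
    stamp = datetime.fromtimestamp(ts_sec, timezone.utc).strftime("%Y-%m-%d %H:%M:%S")
    head = f"{stamp}.{ts_usec:06d} {PROTO_NAMES.get(proto, f'proto{proto}')}"
    if proto in (6, 17) and len(l4) >= 4:             # TCP/UDP: ports are the first 4 bytes
        sport, dport = struct.unpack("!HH", l4[:4])
        return f"{head} {src} {sport} -> {dst} {dport}"
    if proto == 1 and len(l4) >= 2:                   # ICMP has no ports; report type/code instead
        return f"{head} {src} - -> {dst} - type={l4[0]} code={l4[1]}"
    return f"{head} {src} - -> {dst} -"

def parse_pcap(data):
    """Walk a classic libpcap file (what windump -w writes) and format every IPv4 packet."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    lines, off = [], 24                               # 24-byte global header, then records
    while off + 16 <= len(data):                      # each record: 16-byte header + packet bytes
        ts_sec, ts_usec, incl_len, _ = struct.unpack(endian + "IIII", data[off:off + 16])
        line = format_packet(ts_sec, ts_usec, data[off + 16:off + 16 + incl_len])
        if line:
            lines.append(line)
        off += 16 + incl_len
    return lines

def _frame(proto, src, dst, l4):  # constructed sample frame: zero MACs, minimal IPv4 header, L4 stub
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\x00" * 12 + b"\x08\x00" + ip + l4

def sample_pcap():  # constructed 3-packet capture (TCP to 139, UDP 137, ICMP echo) at 2001-10-16 18:41:02 UTC
    frames = [(1003257662, 408600, _frame(6, "10.0.0.5", "10.0.0.9", struct.pack("!HH", 1234, 139))),
              (1003257662, 409100, _frame(17, "10.0.0.5", "10.0.0.9", struct.pack("!HH", 137, 137))),
              (1003257662, 409500, _frame(1, "10.0.0.9", "10.0.0.5", b"\x08\x00"))]
    data = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)   # little-endian global header
    for sec, usec, f in frames:
        data += struct.pack("<IIII", sec, usec, len(f), len(f)) + f
    return data
```

Running `parse_pcap` over a real capture is a matter of passing `open(path, "rb").read()`; timestamps are printed in UTC so the output does not depend on the local zone of the analysis box.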