Terry There is a command line component to Wireshark called tshark.
You can extract the data based on filters etc Eric -----Original Message----- From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf Of Martin, Terry R. (CMS/CTR) (CTR) Sent: Monday, September 20, 2010 9:05 AM To: IBMVM@LISTSERV.UARK.EDU Subject: .PCAP file form TCPDUMP in REDHAT ------_=_NextPart_002_01CB58C4.974F46C7 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable =20 Hi =20 We are working on a problem and trying get a .PCAP file produced from TCPDUMP to send to IBM. We got the .PCAP file but it was 3G before being zipped. My question is are there some parameters that we can specify that will make the .PCAP file more manageable so that IBM can work with it via WIRESHARK? =20 =20 Thank You, =20 Terry Martin Lockheed Martin - Citic z/OS and z/VM Performance Tuning and Operating Systems Support Office - 443 348-2102 Cell - 443 632-4191 =20 =20 =20 ------_=_NextPart_002_01CB58C4.974F46C7 Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: quoted-printable <html xmlns:v=3D"urn:schemas-microsoft-com:vml" = xmlns:o=3D"urn:schemas-microsoft-com:office:office" = xmlns:w=3D"urn:schemas-microsoft-com:office:word" = xmlns:x=3D"urn:schemas-microsoft-com:office:excel" = xmlns:p=3D"urn:schemas-microsoft-com:office:powerpoint" = xmlns:a=3D"urn:schemas-microsoft-com:office:access" = xmlns:dt=3D"uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" = xmlns:s=3D"uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" = xmlns:rs=3D"urn:schemas-microsoft-com:rowset" xmlns:z=3D"#RowsetSchema" = xmlns:b=3D"urn:schemas-microsoft-com:office:publisher" = xmlns:ss=3D"urn:schemas-microsoft-com:office:spreadsheet" = xmlns:c=3D"urn:schemas-microsoft-com:office:component:spreadsheet" = xmlns:odc=3D"urn:schemas-microsoft-com:office:odc" = xmlns:oa=3D"urn:schemas-microsoft-com:office:activation" = xmlns:html=3D"http://www.w3.org/TR/REC-html40"; = xmlns:q=3D"http://schemas.xmlsoap.org/soap/envelope/"; = xmlns:rtc=3D"http://microsoft.com/officenet/conferencing"; = xmlns:D=3D"DAV:" xmlns:Repl=3D"http://schemas.microsoft.com/repl/"; = xmlns:mt=3D"http://schemas.microsoft.com/sharepoint/soap/meetings/"; = xmlns:x2=3D"http://schemas.microsoft.com/office/excel/2003/xml"; = xmlns:ppda=3D"http://www.passport.com/NameSpace.xsd"; = xmlns:ois=3D"http://schemas.microsoft.com/sharepoint/soap/ois/"; = xmlns:dir=3D"http://schemas.microsoft.com/sharepoint/soap/directory/"; = xmlns:ds=3D"http://www.w3.org/2000/09/xmldsig#"; = xmlns:dsp=3D"http://schemas.microsoft.com/sharepoint/dsp"; = xmlns:udc=3D"http://schemas.microsoft.com/data/udc"; = xmlns:xsd=3D"http://www.w3.org/2001/XMLSchema"; = xmlns:sub=3D"http://schemas.microsoft.com/sharepoint/soap/2002/1/alerts/ "= xmlns:ec=3D"http://www.w3.org/2001/04/xmlenc#"; = xmlns:sp=3D"http://schemas.microsoft.com/sharepoint/"; = xmlns:sps=3D"http://schemas.microsoft.com/sharepoint/soap/"; = xmlns:xsi=3D"http://www.w3.org/2001/XMLSchema-instance"; = xmlns:udcs=3D"http://schemas.microsoft.com/data/udc/soap"; = xmlns:udcxf=3D"http://schemas.microsoft.com/data/udc/xmlfile"; = xmlns:udcp2p=3D"http://schemas.microsoft.com/data/udc/parttopart"; = xmlns:wf=3D"http://schemas.microsoft.com/sharepoint/soap/workflow/"; = xmlns:dsss=3D"http://schemas.microsoft.com/office/2006/digsig-setup"; = xmlns:dssi=3D"http://schemas.microsoft.com/office/2006/digsig"; = xmlns:mdssi=3D"http://schemas.openxmlformats.org/package/2006/digital-si g= nature" = xmlns:mver=3D"http://schemas.openxmlformats.org/markup-compatibility/200 6= " xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml"; = xmlns:mrels=3D"http://schemas.openxmlformats.org/package/2006/relationsh i= ps" xmlns:spwp=3D"http://microsoft.com/sharepoint/webpartpages"; = xmlns:ex12t=3D"http://schemas.microsoft.com/exchange/services/2006/types "= = xmlns:ex12m=3D"http://schemas.microsoft.com/exchange/services/2006/messa g= es" = xmlns:pptsl=3D"http://schemas.microsoft.com/sharepoint/soap/SlideLibrary /= " = xmlns:spsl=3D"http://microsoft.com/webservices/SharePointPortalServer/Pu b= lishedLinksService" xmlns:Z=3D"urn:schemas-microsoft-com:" = xmlns:st=3D"" xmlns=3D"http://www.w3.org/TR/REC-html40";> <head> <meta name=3D"Microsoft Theme 2.00" content=3D"Eclipse 011"> <meta http-equiv=3DContent-Type content=3D"text/html; = charset=3Dus-ascii"> <meta name=3DGenerator content=3D"Microsoft Word 12 (filtered medium)"> <!--[if !mso]> <style> v\:* {behavior:url(#default#VML);} o\:* {behavior:url(#default#VML);} w\:* {behavior:url(#default#VML);} .shape {behavior:url(#default#VML);} </style> <![endif]--> <style> <!-- /* Font Definitions */ @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4;} @font-face {font-family:Tahoma; panose-1:2 11 6 4 3 5 4 4 2 4;} @font-face {font-family:"Goudy Old Style"; panose-1:2 2 5 2 5 3 5 2 3 3;} @font-face {font-family:Garamond; panose-1:2 2 4 4 3 3 1 1 8 3;} @font-face {font-family:Verdana; panose-1:2 11 6 4 3 5 4 4 2 4;} @font-face {font-family:"Arial Rounded MT Bold"; panose-1:2 15 7 4 3 5 4 3 2 4;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {margin:0in; margin-bottom:.0001pt; font-size:12.0pt; font-family:"Calibri","sans-serif"; color:black;} h1 {mso-style-priority:9; mso-style-link:"Heading 1 Char"; margin-top:24.0pt; margin-right:0in; margin-bottom:0in; margin-left:0in; margin-bottom:.0001pt; page-break-after:avoid; font-size:16.0pt; font-family:"Calibri","sans-serif"; color:black;} h2 {mso-style-priority:9; mso-style-link:"Heading 2 Char"; margin-top:10.0pt; margin-right:0in; margin-bottom:0in; margin-left:0in; margin-bottom:.0001pt; page-break-after:avoid; font-size:14.0pt; font-family:"Calibri","sans-serif"; color:black; font-weight:normal;} h3 {mso-style-priority:9; mso-style-link:"Heading 3 Char"; margin-top:10.0pt; margin-right:0in; margin-bottom:0in; margin-left:0in; margin-bottom:.0001pt; page-break-after:avoid; font-size:13.0pt; font-family:"Calibri","sans-serif"; color:black; font-weight:normal;} h4 {mso-style-priority:9; mso-style-link:"Heading 4 Char"; margin-top:10.0pt; margin-right:0in; margin-bottom:0in; margin-left:0in; margin-bottom:.0001pt; page-break-after:avoid; font-size:14.0pt; font-family:"Calibri","sans-serif"; color:black; font-weight:normal;} h5 {mso-style-priority:9; mso-style-link:"Heading 5 Char"; margin-top:10.0pt; margin-right:0in; margin-bottom:0in; margin-left:0in; margin-bottom:.0001pt; page-break-after:avoid; font-size:13.0pt; font-family:"Calibri","sans-serif"; color:black; font-weight:normal;} h6 {mso-style-priority:9; mso-style-link:"Heading 6 Char"; margin-top:10.0pt; margin-right:0in; margin-bottom:0in; margin-left:0in; margin-bottom:.0001pt; page-break-after:avoid; font-size:11.0pt; font-family:"Calibri","sans-serif"; color:black; font-weight:normal;} a:link, span.MsoHyperlink {mso-style-priority:99; color:#339999; text-decoration:underline;} a:visited, span.MsoHyperlinkFollowed {mso-style-priority:99; color:#999999; text-decoration:underline;} p.MsoAcetate, li.MsoAcetate, div.MsoAcetate {mso-style-priority:99; mso-style-link:"Balloon Text Char"; margin:0in; margin-bottom:.0001pt; font-size:8.0pt; font-family:"Calibri","sans-serif"; color:black;} span.EmailStyle17 {mso-style-type:personal-compose; color:black;} span.Heading1Char {mso-style-name:"Heading 1 Char"; mso-style-priority:9; mso-style-link:"Heading 1"; font-family:"Verdana","sans-serif"; color:black; font-weight:bold;} span.Heading2Char {mso-style-name:"Heading 2 Char"; mso-style-priority:9; mso-style-link:"Heading 2"; font-family:"Verdana","sans-serif"; color:black;} span.Heading3Char {mso-style-name:"Heading 3 Char"; mso-style-priority:9; mso-style-link:"Heading 3"; font-family:"Verdana","sans-serif"; color:black;} span.Heading4Char {mso-style-name:"Heading 4 Char"; mso-style-priority:9; mso-style-link:"Heading 4"; font-family:"Verdana","sans-serif"; color:black;} span.Heading5Char {mso-style-name:"Heading 5 Char"; mso-style-priority:9; mso-style-link:"Heading 5"; font-family:"Verdana","sans-serif"; color:black;} span.Heading6Char {mso-style-name:"Heading 6 Char"; mso-style-priority:9; mso-style-link:"Heading 6"; font-family:"Verdana","sans-serif"; color:black;} span.BalloonTextChar {mso-style-name:"Balloon Text Char"; mso-style-priority:99; mso-style-link:"Balloon Text"; font-family:"Tahoma","sans-serif"; color:black;} .MsoChpDefault {mso-style-type:export-only;} @page WordSection1 {size:8.5in 11.0in; margin:1.0in 1.0in 1.0in 1.0in;} div.WordSection1 {page:WordSection1;} --> </style> <!--[if gte mso 9]><xml> <o:shapedefaults v:ext=3D"edit" spidmax=3D"2050" /> </xml><![endif]--><!--[if gte mso 9]><xml> <o:shapelayout v:ext=3D"edit"> <o:idmap v:ext=3D"edit" data=3D"1" /> </o:shapelayout></xml><![endif]--> </head> <body bgcolor=3Dwhite background=3D"cid:image001.gif@01CB58A1.D40B7250" = lang=3DEN-US link=3D"#339999" vlink=3D"#999999"> <img src=3D"cid:image001.gif@01CB58A1.D40B7250" v:src=3D"cid:image001.gif@01CB58A1.D40B7250" v:shapes=3D"_x0000_Mail" = width=3D0 height=3D0 class=3Dshape style=3D'display:none;width:0;height:0'><!--[if = gte mso 9]><xml> <v:background id=3D"_x0000_s1025" o:bwmode=3D"white" = o:targetscreensize=3D"1024,768"> <v:fill src=3D"cid:image001.gif@01CB58A1.D40B7250" = o:title=3D"eclbkgnd" type=3D"frame" /> </v:background></xml><![endif]--> <div class=3DWordSection1> <p class=3DMsoNormal>Hi<o:p></o:p></p> <p class=3DMsoNormal><o:p> </o:p></p> <p class=3DMsoNormal>We are working on a problem and trying get a .PCAP = file produced from TCPDUMP to send to IBM. We got the .PCAP file but it was 3G before = being zipped. My question is are there some parameters that we can specify = that will make the .PCAP file more manageable so that IBM can work with it via = WIRESHARK? <o:p></o:p></p> <p class=3DMsoNormal><o:p> </o:p></p> <p class=3DMsoNormal><i><span = style=3D'font-size:11.0pt;font-family:"Goudy Old Style","serif"; color:#7030A0'>Thank You,<o:p></o:p></span></i></p> <p class=3DMsoNormal><i><span = style=3D'font-size:11.0pt;font-family:"Goudy Old Style","serif"; color:#7030A0'><o:p> </o:p></span></i></p> <p class=3DMsoNormal><i><span = style=3D'font-size:11.0pt;font-family:"Goudy Old Style","serif"; color:#7030A0'>Terry Martin<o:p></o:p></span></i></p> <p class=3DMsoNormal><i><span = style=3D'font-size:11.0pt;font-family:"Goudy Old Style","serif"; color:#7030A0'>Lockheed Martin - Citic<o:p></o:p></span></i></p> <p class=3DMsoNormal><i><span = style=3D'font-size:11.0pt;font-family:"Goudy Old Style","serif"; color:#7030A0'>z/OS and z/VM Performance Tuning and Operating Systems = Support<o:p></o:p></span></i></p> <p class=3DMsoNormal><i><span = style=3D'font-size:11.0pt;font-family:"Goudy Old Style","serif"; color:#7030A0'>Office - 443 348-2102<o:p></o:p></span></i></p> <p class=3DMsoNormal><i><span = style=3D'font-size:11.0pt;font-family:"Goudy Old Style","serif"; color:#7030A0'>Cell - 443 632-4191<o:p></o:p></span></i></p> <p class=3DMsoNormal><i><span = style=3D'font-size:11.0pt;font-family:"Goudy Old Style","serif"; color:#7030A0'><o:p> </o:p></span></i></p> <p class=3DMsoNormal><i><span = style=3D'font-size:11.0pt;font-family:"Arial Rounded MT = Bold","sans-serif"; color:navy'><img width=3D229 height=3D74 id=3D"Picture_x0020_1" src=3D"cid:image002.jpg@01CB58A1.D40B7250" alt=3D"cid:image001.jpg@01C97FB5.5EAFD6C0"></span></i><i><span = style=3D'font-size: 11.0pt;font-family:"Goudy Old = Style","serif";color:#7030A0'><o:p></o:p></span></i></p> <p class=3DMsoNormal><o:p> </o:p></p> </div> </body> </html> ------_=_NextPart_002_01CB58C4.974F46C7-- ------------------------------------------------------------------------ The information contained in this communication is intended only for the use of the recipient(s) named above. It may contain information that is privileged or confidential, and may be protected by State and/or Federal Regulations. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please return it to the sender immediately and delete the original message and any copy of it from your computer system. If you have any questions concerning this message, please contact the sender. ------------------------------------------------------------------------
