> I think this will accomplish what you want:
>
> # tcpdump -ln ip| awk '{print $1,",", $5}' | sed 's/\.[0-9]*:$//'

The output looks fantastic, nearly exactly the format I wanted! One question, though. I see "h.m.s:ms, a.b.c.d.x:", and I'm wondering what the 'x' is? By the frequent occurrences of 80, I'm guessing these are port numbers, but I'd like to be sure :)

> this won't work with icmp though...

That's fine, I'm only interested in IP traffic. Thanks so much, you're terrific!

--Paul

-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
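
An added example, not part of the original thread: with `-n`, tcpdump prints TCP and UDP endpoints as `a.b.c.d.port`, so a fifth dot-separated field is the port, while an ICMP destination has only four. The `split_dst` and `quoted_pipeline` names, the sample lines, and the `time IP src > dst:` line layout are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: split the destination field of `tcpdump -ln ip` text
# output into address and port. All sample lines are constructed.

# Reads tcpdump lines on stdin, prints "time,dst_ip,dst_port".
# dst_port is empty when the destination carries no port (e.g. ICMP).
split_dst() {
    awk '
    $2 == "IP" && $4 == ">" {
        dst = $5
        sub(/:$/, "", dst)            # drop the trailing colon
        n = split(dst, part, ".")
        if (n == 5) {                 # a.b.c.d.port
            ip = part[1] "." part[2] "." part[3] "." part[4]
            port = part[5]
        } else if (n == 4) {          # bare address, no port
            ip = dst
            port = ""
        } else {
            next                      # not an IPv4 destination
        }
        print $1 "," ip "," port
    }'
}

# The awk/sed stage from the quoted pipeline, kept as posted for comparison.
quoted_pipeline() {
    awk '{print $1,",", $5}' | sed 's/\.[0-9]*:$//'
}

# Constructed input: one TCP packet to port 80 and one ICMP packet.
sample_lines() {
    cat <<'EOF'
12:00:01.000001 IP 192.0.2.10.51515 > 198.51.100.7.80: Flags [S], seq 1, win 64240, length 0
12:00:01.000002 IP 192.0.2.10 > 198.51.100.7: ICMP echo request, id 1, seq 1, length 64
EOF
}

sample_lines | split_dst
```

Running `sample_lines | quoted_pipeline` on the same input shows the ICMP caveat from the thread: the sed expression removes the last address octet when no port is present.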