Hi,
I have a big collection of traffic traces taken using tcpdump and I am now interested in extracting just the timestamp, MAC src/dst, IP src/dst and transport protocol port number. I tried to extract just this information using tcpdump and awk in conjunction (something like this tcpdump -nr try -vvv -e | awk '{print $1, $2, $4, $25, $27}'). But this fits the pattern for tcp/udp packets, in case where there are some other packets, this fails totally.

If in case this packet is something else, then I either want to skip it from the final output or have some visible indication of which packet it is.

How do I do this using tcp dump?

I am using a pcap file as an input.

Assuming I understand your question, you can have tcpdump do some of the lifting for you with a filter.

For more info about filters, see the manpages for tcpdump(8) and/or pcap_filter(7). (Depends on your system.)

hi,
Thanks for the response..I had already tried this, but when I ran this on a very small trace file (60packets), it was really slow when compared to what I had mentioned earlier. Is this normal? the running time is something like 30 seconds, which I dont understand why.

Just to make my case simpler, how do i filter or export timestamp, MAC src/dst, IP src/dst and transport protocol port number from large trace files into a text file.