Subject: Re: snoop vs. tcpdump
To: None <mallman@grc.nasa.gov>
From: Shawn Ostermann <ostermann@cs.ohiou.edu>
List: tech-net
Date: 10/05/1999 09:14:45

> Shawn Ostermann's (CCed) tcptrace program sort of does what you
> want.  It can create tcpdump output files based on the given input
> file (which can be in any number of different formats including
> snoop).

That's correct.

> I just played with it for a minute and the problem seems to
> be that the program only dumps the TCP packets into the output
> tcpdump file.

With a "-u", it'll dump the UDP packets too.


> So, if you have files that contain lots of other stuff (and it
> matters), you might have to hack the program a little.
> But, the basics are there.

Non-IP traffic is dumped in the capture modules, so they would need
some work, too.



> (And, there is a chance that Shawn will
> tell us there is a magic option that makes this happen already.  I
> couldn't find one, but my eyes sort of glaze over when looking at
> the very long option list.).

Nope, sorry.  The pieces are all there, but there are clearly some
holes if you want ALL the packets.  Also, everything is turned into
Ethernet frames during the processing, so non-ether frame information
will be lost.

--sdo
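
As an added example, not part of the original message and not tcptrace's code: a Python converter that copies every record of a snoop capture (RFC 1761 format) into a tcpdump/pcap file without filtering by protocol, and keeps the capture's link type instead of rewriting frames as Ethernet. The function names, the link-type mapping table and the sample capture are constructed for this example.

```python
import struct

SNOOP_MAGIC = b"snoop\x00\x00\x00"
# snoop datalink type (RFC 1761) -> pcap DLT value; this mapping is an assumption
# of the example: 802.3 and Ethernet -> DLT_EN10MB, Token Ring -> DLT_IEEE802, FDDI.
SNOOP_TO_DLT = {0: 1, 4: 1, 2: 6, 8: 10}

def snoop_to_pcap(src, dst, snaplen=65535):
    """Copy every snoop record from src to dst in pcap format; return the count."""
    hdr = src.read(16)
    if len(hdr) != 16 or hdr[:8] != SNOOP_MAGIC:
        raise ValueError("not a snoop capture")
    version, linktype = struct.unpack(">II", hdr[8:])
    if version != 2 or linktype not in SNOOP_TO_DLT:
        raise ValueError(f"unsupported snoop version/link type {version}/{linktype}")
    # pcap global header, big-endian; readers detect byte order from the magic.
    dst.write(struct.pack(">IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen,
                          SNOOP_TO_DLT[linktype]))
    count = 0
    while True:
        rec = src.read(24)
        if not rec:
            return count
        if len(rec) != 24:
            raise ValueError("truncated record header")
        orig_len, incl_len, rec_len, _drops, sec, usec = struct.unpack(">6I", rec)
        if rec_len < 24 + incl_len:
            raise ValueError("record length smaller than captured data")
        body = src.read(rec_len - 24)  # captured bytes plus alignment padding
        if len(body) != rec_len - 24:
            raise ValueError("truncated record body")
        # No protocol filter: ARP, IPX, etc. are written exactly like TCP or UDP.
        dst.write(struct.pack(">4I", sec, usec, incl_len, orig_len))
        dst.write(body[:incl_len])
        count += 1

def build_sample():
    """Constructed two-frame snoop capture: one ARP (non-IP) and one IPv4 frame."""
    mac_a, mac_b = b"\x02\x00\x00\x00\x00\x01", b"\x02\x00\x00\x00\x00\x02"
    arp = b"\xff" * 6 + mac_a + b"\x08\x06" + bytes(28)
    ip4 = mac_b + mac_a + b"\x08\x00" + bytes(46)
    out = SNOOP_MAGIC + struct.pack(">II", 2, 4)  # version 2, Ethernet
    for i, frame in enumerate((arp, ip4)):
        pad = -len(frame) % 4  # snoop records are padded to a 4-byte boundary
        out += struct.pack(">6I", len(frame), len(frame),
                           24 + len(frame) + pad, 0, 939114885 + i, 0)
        out += frame + bytes(pad)
    return out
```

Pass file objects opened in binary mode for `src` and `dst`; the resulting file carries the original link type in its header, so non-Ethernet captures are not reframed.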