fstrm_dump − Display metadata and contents of Frame Streams file.
fstrm_dump input-file [output-file]
fstrm_dump opens input-file and prints its framing metadata to stderr and frame data to stdout. The input-file may be "-" to read Frame Streams data from standard input.
Frame data is printed as a single line quoted string with non-printable characters replaced by backslash-prefixed hex escape sequences. For example, a frame containing "Hello, world\n" would have its data printed as:
"Hello, world\x0a" |
The only framing metadata expected in a Frame Streams file are the start frame with a content type field, the data frame lengths, and the stop frame. These are printed, respectively, as:
FSTRM_CONTROL_START | |
FSTRM_CONTROL_FIELD_CONTENT_TYPE (N bytes) | |
"content-type" | |
Data frame (N) bytes | |
FSTRM_CONTROL_STOP |
If fstrm_dump is given the second output-file parameter, input frames are additionally written to output-file. This is mainly useful for regression testing of the fstrm_file_writer code.
fstrm_capture(1),
fstrm_replay(1),
Frame Streams C Library
https://farsightsec.github.io/fstrm