
Usage:

extract -a          ASCII output (default)
        -b          Binary output
        -n          No reverse hostname lookups on ASCII output
        -h          Print out brief help message
        -e script   Specify script on command line (like sed -e)
        -E script   Specify script on command line
        -f file     Specify script file (like awk -f)
        -F file     Specify script file
        -d file     Specify dump file to read (default stdin)
        -o file     Specify output file (default stdout)

Multiple '-e', '-E', '-f' and '-F' options can be given.  They are,
in effect, treated as a single input file.  '-e' and '-f' scripts
are appended to the "input" file, while '-E' and '-F' scripts are
prepended.  Using '-E' or '-F', one can add functionality to
existing extract script files from the command line.

If neither -e nor -f is given, the default is equivalent to
-e '{print}', which prints all records.


Script syntax:

condition { action ; action ... }

Where condition selects the records on which the set of actions
is performed.  condition can be "" (empty), in which case all
records are selected.

Actions:

print   Print the record
next    Skip to next record, start processing at top of script


Conditionals:

net      =, !=                 hostname|ipaddr [/netmask]
srcnet   =, !=                 hostname|ipaddr [/netmask]
dstnet   =, !=                 hostname|ipaddr [/netmask]
host     =, !=, <, >, <=, >=   hostname|ipaddr
srchost  =, !=, <, >, <=, >=   hostname|ipaddr
dsthost  =, !=, <, >, <=, >=   hostname|ipaddr
srcport  =, !=, <, >, <=, >=   service-name|port#
dstport  =, !=, <, >, <=, >=   service-name|port#
date     =, !=, <, >, <=, >=   MM/DD/YY | MM/DD | today | yesterday
time     =, !=, <, >, <=, >=   HH:MM:SS | HH:MM
before   MM/DD/YY [HH:MM] | today [HH:MM] | yesterday [HH:MM]
since    MM/DD/YY [HH:MM] | today [HH:MM] | yesterday [HH:MM]

Connectors:

and, &&   Short-circuit boolean and
or, ||    Short-circuit boolean or
not, !    Unary negation

All operators have equal precedence.  Parentheses can be used
to group subexpressions.
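
Added example (not part of extract or its documentation): a small Python
model of why grouping matters when 'and' and 'or' have equal precedence.
The text above does not say whether an ungrouped chain associates left or
right, so both readings are modelled as assumptions and compared with
conventional precedence; the operand names are stand-ins for conditionals.

```python
# Added illustration, not extract's own code. Each operand name stands in for
# one conditional (e.g. telnet: dstport = telnet, recent: since yesterday).
from itertools import product

OPS = {"and": lambda a, b: a and b, "or": lambda a, b: a or b}

def eval_left(tokens, env):
    """Equal precedence, grouped left to right (assumption): ((a op b) op c)."""
    value = env[tokens[0]]
    for op, name in zip(tokens[1::2], tokens[2::2]):
        value = OPS[op](value, env[name])
    return value

def eval_right(tokens, env):
    """Equal precedence, grouped right to left (assumption): a op (b op c)."""
    if len(tokens) == 1:
        return env[tokens[0]]
    return OPS[tokens[1]](env[tokens[0]], eval_right(tokens[2:], env))

def eval_c_style(tokens, env):
    """Conventional precedence ('and' binds tighter than 'or'), for comparison."""
    groups, current = [], [env[tokens[0]]]
    for op, name in zip(tokens[1::2], tokens[2::2]):
        if op == "or":
            groups.append(all(current))
            current = [env[name]]
        else:
            current.append(env[name])
    groups.append(all(current))
    return any(groups)

def disagreements(expr):
    """Return (assignment, results) pairs on which the three readings differ."""
    tokens = expr.split()
    names = sorted(set(tokens[0::2]))
    out = []
    for values in product([False, True], repeat=len(names)):
        env = dict(zip(names, values))
        results = (eval_left(tokens, env), eval_right(tokens, env),
                   eval_c_style(tokens, env))
        if len(set(results)) > 1:
            out.append((env, results))
    return out

# Constructed expression: which records would be selected differently?
for env, (left, right, c_style) in disagreements("telnet or login and recent"):
    print(env, "left:", left, "right:", right, "c-style:", c_style)
```

The readings disagree exactly on records where the telnet condition is true
and the time condition is false, so a filter written without parentheses can
silently drop or include records depending on how the chain is grouped.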
