I want to convert a file of type application/octet-stream to .pcap. I tried using text2pcap but its output on terminal is "Read 0 potential packets, wrote 0 packets" asked 09 Nov '12, 01:23  Akhil edited 09 Nov '12, 01:23 |
One Answer:
without further information you can't, because application/octet-stream is just a MIME type to encode data in several protocols. Unless the encoded data is already in pcap format, there is no way to create a meaningful pcap file from that data. Think about it yourself:
As you did not explain anything about the nature of your encoded data, the circumstances and the reason why you need to convert that data to a pcap file, nobody will be able to give a helpful/meaningful answer. Please consider to be more specific in your questions. It will help yourself and it will help others to help you. I suggest you add at least these things to your questions
BTW: text2pcap accepts only data in the format defined in the following link
Regards answered 09 Nov '12, 02:25  Kurt Knochner ♦ edited 09 Nov '12, 02:27 |
Wireshark version:1.7.0 OS Ubuntu 10.04
I have a file which contains amf packet but i can't open it in wireshark. So i am converting it into .pcap.
Error message of Wireshark :isn't a capture file in a format Wireshark understands.
I opened the file in Bless Hex Editor and copied the hex values in a text document and executed the following command: text2pcap amf1 outfile. The output for this is Read 0 potential packets, wrote 0 packets
O.K. now we need a sample of the data. Please post the amf packet here (or at pastebin.com).