Hi! If pcap can be converted to txt by using: "tshark -V -r original.pcap > file_to_convert.txt" and pcap can be converted to txt: "text2pcap.exe -e 0x800 file_to_convert.txt result.pcap", why does the resulting file have a different dimension from the original one? Is there something that I could change in order to make it right? Thank you!
Because the output of tshark -V is not the input format of text2pcap. See the manual of text2pcap for the format requirements. These programs are not each other's opposites.
Thank you!! Is there a combination of programs that would result in a file the same as the original?
(20 Nov '12, 06:44)
AvL
I've changed the commands, but I still don't get the expected result. Is it possible to get the original as final output? Or am I searching for something that can't be done? Thanks!
(20 Nov '12, 07:45)
AvL
Sure. od the pcap file, run it through a Perl script to filter out the PCAP headers and construct a text dump file in the specified format. Better yet, have the Perl script read the PCAP file directly, using Net::TcpDumpLog. The Perl script you'll have to write though.
(21 Nov '12, 04:17)
Jaap ♦
Thanks! I'll try that.
(21 Nov '12, 05:35)
AvL
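The approach Jaap describes above (read the pcap file directly, skip its headers, and write an offset-prefixed hex dump for text2pcap), sketched as an added example in Python rather than Perl; it is not code from the thread. It handles classic pcap only (not pcapng), and the function names and the two-packet sample capture are constructed for illustration.

```python
import io
import struct

# Classic pcap magic numbers mapped to struct byte order (usec and nsec variants).
PCAP_MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",
               b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}


def read_pcap(stream):
    """Yield (ts_sec, ts_frac, orig_len, data) for each record of a classic pcap."""
    global_header = stream.read(24)
    if len(global_header) < 24 or global_header[:4] not in PCAP_MAGICS:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    endian = PCAP_MAGICS[global_header[:4]]
    while True:
        record_header = stream.read(16)
        if not record_header:
            return
        if len(record_header) < 16:
            raise ValueError("truncated record header")
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(endian + "IIII", record_header)
        data = stream.read(incl_len)
        if len(data) < incl_len:
            raise ValueError("truncated packet data")
        yield ts_sec, ts_frac, orig_len, data


def to_text2pcap(data, width=16):
    """Format one packet as the offset-prefixed hex dump text2pcap reads."""
    rows = (data[i:i + width] for i in range(0, len(data), width))
    return "".join("%06x %s\n" % (n * width, " ".join("%02x" % b for b in row))
                   for n, row in enumerate(rows))


def pcap_to_text(stream):
    """Convert every packet; offset 000000 marks the start of each new packet."""
    return "\n".join(to_text2pcap(data) for _, _, _, data in read_pcap(stream))


def sample_pcap():
    """Constructed two-packet capture (link type 1 = Ethernet), not real traffic."""
    packets = [bytes(range(20)), b"\xde\xad\xbe\xef"]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, p in enumerate(packets):
        out += struct.pack("<IIII", 1353393840 + i, 0, len(p), len(p)) + p
    return out


if __name__ == "__main__":
    print(pcap_to_text(io.BytesIO(sample_pcap())), end="")
```

Because this dump already contains the complete frames, it should be passed to text2pcap without -e, which would prepend a dummy Ethernet header to every packet. The dump carries no timestamps, so the rebuilt file matches the original in packet bytes but not in record times.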