This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

pcap to txt

0

Hi !

If pcap can be converted to txt by using: "tshark -V -r original.pcap > file_to_convert.txt" and pcap can be converted to txt: "text2pcap.exe -e 0x800 file_to_convert.txt result.pcap", why does the resulted file have a different dimension from the original one?

Is there something that I could change in order to make it right ?

Thank you !

asked 20 Nov '12, 06:19

AvL's gravatar image

AvL
1224
accept rate: 0%

edited 20 Nov '12, 06:30

Jaap's gravatar image

Jaap ♦
11.7k16101
One Answer:
active answersoldest answersnewest answerspopular answers
1

Because the output of tshark -V is not the input format of text2pcap. See the manual of text2pcap for the format requirements. These programs are not each others opposite.

permanent link

answered 20 Nov '12, 06:33

Jaap's gravatar image

Jaap ♦
11.7k16101
accept rate: 14%

Thank you !!

Is there a combination of programs that would result a file the same with the original ?

(20 Nov '12, 06:44) AvL

I've changed the commands , but i still don't get the expected result . Is it possible to get the original as final output ? Or am I searching something that can't be done ?

Thanks !

(20 Nov '12, 07:45) AvL

Sure. od the pcap file, run it through a Perl script to filter out the PCAP headers and construct a text dump file in the specified format. Better yet, have the Perl script read the PCAP file directly, using NET::TcpDumpLog. The Perl script you'll have to write though.

(21 Nov '12, 04:17) Jaap ♦

Thanks ! I'll try that .

(21 Nov '12, 05:35) AvL
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

learn more about Markdown

Question tags:

×1,620
×238
×19
×16
×9

question asked: 20 Nov '12, 06:19

question was seen: 7,627 times

last updated: 21 Nov '12, 05:35

Related questions

Empty pcap file from converting a syslog server text file to pcap

Help with a tshark cmd

Sniffing packets from mobile devices, what wifi card to use?

Difference between .PPP & .PCAP files ?

After converting pcap to text , I want only data part in text file how can i do that?

implementing autostop condition on packet capture!

Filter multiple IPs

Providing each packet to wireshark using command line

How to retrieve a selected packet from dump file?

wireshark timestamp

about | faq | privacy | support | contact

p​o​w​e​r​e​d by O​S​Q​A