Hi ! If pcap can be converted to txt by using: "tshark -V -r original.pcap > file_to_convert.txt" and pcap can be converted to txt: "text2pcap.exe -e 0x800 file_to_convert.txt result.pcap", why does the resulted file have a different dimension from the original one? Is there something that I could change in order to make it right ? Thank you ! asked 20 Nov '12, 06:19  AvL edited 20 Nov '12, 06:30  Jaap ♦ |
One Answer:
Because the output of tshark -V is not the input format of text2pcap. See the manual of text2pcap for the format requirements. These programs are not each others opposite. answered 20 Nov '12, 06:33 Jaap ♦ |
Thank you !!
Is there a combination of programs that would result a file the same with the original ?
I've changed the commands , but i still don't get the expected result . Is it possible to get the original as final output ? Or am I searching something that can't be done ?
Thanks !
Sure. od the pcap file, run it through a Perl script to filter out the PCAP headers and construct a text dump file in the specified format. Better yet, have the Perl script read the PCAP file directly, using NET::TcpDumpLog. The Perl script you'll have to write though.
Thanks ! I'll try that .