question about usage of editcap

Question

Hi all, I'm very beginner with wireshark and posting to know how can i use editcap. refer to the below

alt text

abc.pcap is present under /Program Files/Wireshark/ and hope to create another output file(123.pcap) with count=100 but editcap shows "Permission denied" on my console(windows 7) how can i fix it?

Accepted Answer

My guess is you're trying to create this 123.pcap file in a directory you don't have permissions to create files in, or there's an existing file of that name you don't have permissions to overwrite. Try running editcap from a different directory so the file gets created in a directory you have permissions for, or put a path to such a directory in front of the 123.pcap filename.

Like try this:

editcap -r abc.pcap ..\123.pcap 100

Answer 2

As per the answer from @Hadriel, this is a permissions problem in that a normal cmd prompt doesn't have write access to the Program Files directory, but an elevated cmd prompt does. However the reason for this restriction is that it's generally not a good idea as:

Inadvertent writes to the directory could break something.
Running Wireshark suite components with administrator privileges might be a security risk.

Changing to a directory that does allow you to write to it, e.g. the users Documents, then brings the issue that the Wireshark binaries are not on the path, so you must either specify the full path on the command line, i.e. in your case "C:\Program Files\Wireshark\editcap.exe", using the quotes because the path is a space in it, or add the C:\Program Files\Wireshark directory to the path either temporarily for the cmd prompt session using set PATH=%PATH%;C:\Program Files\Wireshark or more permanently using the "Environment Variables" dialog from the "System Properties" dialog to set the user or system PATH to include the Wireshark directory.