This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

question about usage of editcap

0

Hi all, I'm very beginner with wireshark and posting to know how can i use editcap. refer to the below

alt text

abc.pcap is present under /Program Files/Wireshark/ and hope to create another output file(123.pcap) with count=100 but editcap shows "Permission denied" on my console(windows 7) how can i fix it?

asked 26 Mar '14, 21:35

Ray_Han's gravatar image

Ray_Han
566611
accept rate: 0%


2 Answers:

1

My guess is you're trying to create this 123.pcap file in a directory you don't have permissions to create files in, or there's an existing file of that name you don't have permissions to overwrite. Try running editcap from a different directory so the file gets created in a directory you have permissions for, or put a path to such a directory in front of the 123.pcap filename.

Like try this:

editcap -r abc.pcap ..\123.pcap 100

answered 26 Mar '14, 21:58

Hadriel's gravatar image

Hadriel
2.7k2939
accept rate: 18%

Hi I have resolved it i executed command prompt(CMD) with non-administrator account(just user account). after executing it with administrator account, it works well. Thanks

(26 Mar '14, 23:54) Ray_Han

1

As per the answer from @Hadriel, this is a permissions problem in that a normal cmd prompt doesn't have write access to the Program Files directory, but an elevated cmd prompt does. However the reason for this restriction is that it's generally not a good idea as:

  1. Inadvertent writes to the directory could break something.
  2. Running Wireshark suite components with administrator privileges might be a security risk.

Changing to a directory that does allow you to write to it, e.g. the users Documents, then brings the issue that the Wireshark binaries are not on the path, so you must either specify the full path on the command line, i.e. in your case "C:\Program Files\Wireshark\editcap.exe", using the quotes because the path is a space in it, or add the C:\Program Files\Wireshark directory to the path either temporarily for the cmd prompt session using set PATH=%PATH%;C:\Program Files\Wireshark or more permanently using the "Environment Variables" dialog from the "System Properties" dialog to set the user or system PATH to include the Wireshark directory.

answered 27 Mar '14, 02:38

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%