I want to know how to convert a .pcap file to plain text. I've tried using:

tcpdump -r input.pcap > output.txt

and it works, but the text inside the file isn't the same data as in the pcap file when I open the pcap in Wireshark. I want to export to text without using the Wireshark interface; I want to do it through the terminal in Linux.

asked 22 Sep '11, 20:35 julle
edited 22 Sep '11, 21:05 cmaynard ♦♦
2 Answers:
If you're looking for help with tcpdump, you're at the wrong place. See the tcpdump man page or post your question to the tcpdump mailing list.

On the other hand, if you meant to type tshark, then you should refer to the tshark man page, as there are many options to control the output, depending on your needs. You can also get help by running One quick example, just to get you started, is:

answered 22 Sep '11, 21:05 cmaynard ♦♦
tcpdump dissects packets differently from Wireshark, so As Chris Maynard noted, you need to use a program that dissects packets the same way Wireshark does; TShark uses the same dissector code that Wireshark does, so it's the program to use.

answered 23 Sep '11, 00:55 Guy Harris ♦♦
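
The TShark route both answers point to, as an added example that is not part of the original posts: a small wrapper that writes a capture to text in the renderings Wireshark shows (packet list, packet details, hex dump) or as CSV fields. The function names `tshark_opts` and `pcap_to_text` and the mode names are hypothetical; the script assumes `tshark` is on the PATH.

```shell
#!/bin/sh
# Added example, not from the original posts. Function and mode names are
# hypothetical; the tshark flags used (-r, -n, -V, -x, -T, -E, -e) are real.

# Print the tshark output options for the requested text rendering.
tshark_opts() {
  case "$1" in
    summary) : ;;                        # default: one line per packet (packet list)
    detail)  printf '%s\n' '-V' ;;       # full protocol tree (packet details)
    hex)     printf '%s\n' '-V -x' ;;    # protocol tree plus hex/ASCII dump
    fields)  printf '%s\n' '-T fields -E header=y -E separator=, -e frame.number -e frame.time_epoch -e ip.src -e ip.dst -e frame.protocols -e frame.len' ;;
    *) echo "unknown mode: $1" >&2; return 2 ;;
  esac
}

# pcap_to_text MODE INPUT.pcap OUTPUT.txt
pcap_to_text() {
  mode=$1
  src=$2
  dst=$3
  opts=$(tshark_opts "$mode") || return 2
  [ -r "$src" ] || { echo "cannot read: $src" >&2; return 1; }
  command -v tshark >/dev/null 2>&1 || { echo "tshark not installed" >&2; return 127; }
  # -n disables name resolution, so the conversion makes no DNS lookups.
  # $opts is intentionally unquoted: it holds only the fixed flags above.
  tshark -n -r "$src" $opts > "$dst"
}

# Run directly when called as: script MODE INPUT.pcap OUTPUT.txt
if [ "$#" -eq 3 ]; then
  pcap_to_text "$@"
fi
```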