1

There appears to be 3 different file formats associated with the ".pcap" extension -- libpcap /w microsecond timestamps, libpcap /w nanosecond timestamps, and pcapng.

Is there an easy way to differentiate between them that is scriptable? Either cmd, powershell, or bash is acceptable.

mdpc
  • 4,489
Chuu
  • 765

1 Answers1

1

You can verify the file type of pcap files with capinfos (e.g., simply enter capinfos your_capture.pcap in the command line).

capinfos is available with the WireShark distribution.

vincent
  • 126