Highest Voted 'pcap' Questions

18

votes

2 answers

What's all this deploy.akamaitechnologies.com traffic?

I happened to do a tcpdump while leaving my Mac idle, and when I came back after a mere half-hour there were something like 5000 packets involving deploy.akamaitechnologies.com, in which my computer was asking it on port TCP 443 for something, and…

wireshark tcpdump pcap

asked Aug 16 '12 at 17:16

Warren

269
1
3
6

5

votes

1 answer

Why does tcpdump take so long to read pcap files?

I am using a third-party tool that captures network traffic as a pcap file during a network test. When I attempt to play these files back, I use the tcpdump tool with the -Aq -r options, and pipe the output to grep. Some of the captures are 600 KB…

tcpdump pcap

asked Mar 29 '14 at 06:07

Steve HHH

7,430

5

votes

2 answers

Follow a .pcap file in wireshark like tail -f

I have a .pcap file on my android device, that I can access from my PC with wireshark via smb and wondering if it possible to get a 'Live view' of that file in wireshark. Is there any solution?

wireshark pcap

asked Mar 18 '13 at 16:49

christophrus

181

2

votes

1 answer

How to split pcap files maintaining tcp sessions

I have a pcap file which contains tcp traces. I was wondering if there's a way to split these traces in order to maintain tcp flows, but also filtering the traffic on a src ip basis. For example, if into my network I have ip addresses which belong…

tcp wireshark tcpdump pcap

asked Jan 07 '15 at 09:28

user3098549

121
3

2

votes

2 answers

How to extract mpeg-1 stream from pcap in wireshark

I have a pcap network dump that has an MPEG-1 stream inside and I would like to play the mpeg stream. So far I've tried playing through the RTP analyzer but that plays without any sound. I've also tried to save the stream as a .mpg file but that…

wireshark mpeg pcap

asked Jul 29 '12 at 02:04

Jason Axelson

1,900

2

votes

1 answer

Filebeat not receiving packets from replayed pcap file, but tcpdump is

I'm replaying a PCAP file containing UDP packets only using tcpreplay, from one server to another (same IP subnet). The destination MAC address and IP address have been changed to that of the receiving server using tcprewrite. When I did a tcpdump…

pcap tcpreplay

asked Nov 28 '24 at 07:31

Rayne

623

2

votes

3 answers

How to filter packets with distinct source address in wireshark?

I have a pcap file and I want to wireshark shows me packets with distinct source address. How can I do this in wireshark?

wireshark sorting packet pcap

asked Jan 23 '17 at 20:47

Richard

117

1

vote

2 answers

How do capture filters in Wireshark work internally?

I am wondering exactly what happens internally in TShark when I use a capture filter. Specifically, let's say I have the following filter to capture multicast data: host 224.0.26.3 && port 12345 Does wireshark: Ask the OS to copy all packets on…

wireshark sniffing pcap

asked Sep 26 '14 at 16:39

Chuu

765

1

vote

1 answer

Provide Session Master Key to Wireshark UI?

I'm working on an issue with HTTPS. I suspect its related to client certificates. I want to read some of the encrypted handshake messages that follows the ServerHelloDone message. (Once the ServerHelloDone is sent, the stream usually switches to…

ssl wireshark pcap

asked Aug 07 '14 at 20:48

jww

12,722

1

vote

2 answers

Compile Jnetpcap library for ARM platform?

I am trying to execute a java project on arm platform. my code use jnetpcap library. but when i execute the program it shows me an error "/usr/lib/jnetpcap.so: cannot open shared object: no such file or directory (possible cause: can't load IA…

arm pcap

asked Nov 29 '13 at 15:55

ALi

31

1

vote

1 answer

How do I flush Moloch?

I've installed Moloch and the documentation is a bit thin. Does anyone know how I can flush both the database and pcap logs to return the system to a freshly installed state? There is a script for expiring old data from the db but I'd like to get…

pcap

asked May 29 '13 at 10:52

Simmo

113
1
5

1

vote

1 answer

How to differentiate between three different flavours of pcap files?

There appears to be 3 different file formats associated with the ".pcap" extension -- libpcap /w microsecond timestamps, libpcap /w nanosecond timestamps, and pcapng. Is there an easy way to differentiate between them that is scriptable? Either…

wireshark pcap

asked Jan 03 '13 at 22:23

Chuu

765

1

vote

3 answers

Trouble with mergecap [ concatenation of pcap files ] - undesired info in output file

I hope somebody will be able to help me... The problem is with merging multiple .pcap files. Recently - like a week ago I've used a mergecap to merge mutiple pcap files into one. Everything worked fine. Here is how i do it: mergecap -w…

backtrack tcpdump pcap

asked Dec 10 '12 at 13:19

mnmnc

4,257

1

vote

1 answer

How to enter pcap filter in Wireshark 1.8?

Previously in capture options window there was a very handy input field for pcap filter expression. But in 1.8.* this window looks different: So, how to set pcap filter expression before starting capture in wireshark >= 1.8?

gui wireshark pcap

asked Jul 30 '12 at 20:02

imax

134

1

vote

0 answers

kali linux filter by protocol wireshark's pcaps

I spent the last 2h looking for a way to quikly filter pcaps, it seems that it is possible using cmd/bat on windows but I can't find anything for kali linux. I have a way too big pcap and I want to reduce it size by creating a new pcap without all…

kali-linux wireshark pcap

asked Dec 10 '23 at 22:48

the shadow

23

Questions tagged [pcap]