Questions tagged [pcap]
For questions about the packet capturing dump file (pcap format) used in a variety of applications like Wireshark, tcpdump and WinPcap. Use this tag when you have questions about a capture from an on topic network device or need help troubleshooting it.
36 questions
1 vote · 2 answers · 167 views
VoIP SIP PCAP issue
I have a question for anyone who might know the answer. My boss has asked me to PCAP a SIP stream from a VOIP phone by plugging my laptop into the same unmanaged switch, without enabling port ...
0 votes · 1 answer · 170 views
Bittwiste unexpected behaviour when changing MAC address
bittwiste version 2.0, libpcap version 1.9.1 on Catalina via Homebrew
I have a pcap file foo.pcap with conversation between MAC addresses a2:f6:51:d0:0e:13 and ac:93:c4:be:6b:8c
I run:
bittwiste -I ...
2 votes · 1 answer · 280 views
Is there a way to precompile data from pcap to speed up booting wireshark?
Is there a way to precompile/precalculate the data from a pcap file to speed up booting wireshark?
I have a big pcap file and wireshark is crashing when I try to open it.
I know it sums and computes a ...
4 votes · 2 answers · 2k views
Capturing LACP PDUs in an aggregated link on Juniper MX
We need to capture LACP PDUs on a member link of an aggregated bundle link on a Juniper MX connected to another router via a DWDM link, and save the output in .pcap format using the write-file knob.
Can ...
1 vote · 0 answers · 342 views
What is the best way to match packets across pcap files from different capture points? [closed]
I have multiple pcap files which contain data from different capture points in the network.
Previously I thought that by using the IP-ID field I can match the packets across the capture files but I ...
9 votes · 2 answers · 11k views
What is the difference between tshark, dumpcap and others for collecting/sniffing traffic?
Wireshark provides tshark and dumpcap, and I've also seen people using the wireshark binary or even tcpdump to collect/save network traffic.
Online it is claimed that tshark or dumpcap hardly make a ...
0 votes · 1 answer · 87 views
TCP protocol mystery [closed]
I am attempting to compile, with pcap-filter, the following string:
host yb-in-f91.1e100.n
Obtained from the following command:
netstat -t
output line: tcp 0 0 os-info:portnum yb-in-f91.1e100.n
...
0 votes · 1 answer · 806 views
What type of attack could this be? (Wireshark pcap) [closed]
If I understand it correctly the "client" sent an unencrypted password to the pop3 server consisting of a long string of As. Is this a type of attack and if yes, how does it work?
0 votes · 0 answers · 211 views
Wireshark packet read starting from a custom protocol
Pardon the badly-framed question title, I am struggling with it but could not find the best way to frame it. I have a program in which I use libpcap for dumping packets at various points in the ...
0 votes · 0 answers · 111 views
Import Embedded Packet Capture output into Wireshark
I did packet capturing with cisco's Embedded Packet Capture and I would like to view the output in Wireshark.
The problem is that I only have CLI access to the device, so exporting via TFTP is not an ...
0 votes · 1 answer · 1k views
How to extract destination MAC from PCAP? [closed]
I have PCAPs collected at the Raspberry Pi (from this paper). I want to extract the following headers:
Ether header (3)
IP header (12)
TCP header (10)
UDP header (4)
Then convert the PCAP into csv.
...
2 votes · 1 answer · 827 views
Capture filter for VLAN-tagged packets and non-VLAN-tagged packets of a specific ethertype
I am trying to capture traffic of ethertype 0x88b8. Some of the packets may be VLAN tagged and some may not be, but the `and` and `or` operators are not behaving in the way I expect.
My first attempt ...
1 vote · 1 answer · 4k views
How to use ICMP to send message
I was trying to send ICMP package with Payload/Message on server_A to server_B(10.1.1.5) as following:
ping -p 12345 10.1.1.5.
but when I use Tcpdump to capture the ICMP package from server_A, I ...
1 vote · 1 answer · 934 views
Filter pcap file by layer and save to another format [closed]
I captured packets in wireshark, filtered for the protocol I'm interested in (DIS), then exported this to a pcap file. I'd like to do analysis on this data in Python. The only part I'm interested in ...
0 votes · 2 answers · 3k views
Problem with downloading pcap capture from Cisco ASA
There is a problem with downloading pcap capture from Cisco ASA 5520 from https://<ip_of_asa>/admin/capture/<capture_name>/pcap - an empty file with size 24 bytes is downloaded while https:...