Wireshark-users: Re: [Wireshark-users] Converting from pcapng to pcap?
From: j.snelders@xxxxxxxxxx
Date: Wed, 19 Aug 2009 07:34:27 +0200
Hi Joshua,

What version are you using?
It works fine on: Version 1.1.3 (SVN Rev 27807).
On Version 1.2.1. (SVN Rev 29141) I get a lot of errors:
editcap.exe: 2460
capinfos.exe: 3876

Joan

Hi Joshua,

The default output file type is libpcap.
Just use: editcap <infile> <outfile>

$ editcap test.pcapng test.pcap

$ editcap -h
Output File(s):
  -F <capture type>  set the output file type, default is libpcap
                     an empty "-F" option will list the file types

Hope this helps
Joan

On Tue, 18 Aug 2009 11:31:44 -0400 Joshua Wright wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>I have a large collection of pcapng packet captures that I need to
>convert into libpcap format for compatibility with a variety of tools.
>
>I'm using revision 29467 from SVN just a few minutes ago:
>
>$ wireshark -v
>wireshark 1.3.0 (SVN Rev 29467 from /trunk)
>
>Compiled with GTK+ 2.16.1, with GLib 2.20.1, with libpcap 1.0.0, with
>libz 1.2.3.3, without POSIX capabilities, without libpcre, without SMI,
>without c-ares, without ADNS, without Lua, without Python, without
>GnuTLS, without Gcrypt, with MIT Kerberos, without GeoIP, without
>PortAudio, without AirPcap.
>Running on Linux 2.6.28-15-generic, with libpcap version 1.0.0.
>Built using gcc 4.3.3.
>
>
>Capinfos reveals that the capture files I am dealing with are pcapng:
>
>$ capinfos netlog_00021_20090817170026.trc
>File name: netlog_00021_20090817170026.trc
>File type: Wireshark - pcapng (experimental)
>File encapsulation: Ethernet
>Number of packets: 28621
>File size: 25601292 bytes
>Data size: 24647325 bytes
>Capture duration: 97 seconds
>Start time: Mon Aug 17 20:00:25 2009
>End time: Mon Aug 17 20:02:02 2009
>Data byte rate: 254082.68 bytes/sec
>Data bit rate: 2032661.43 bits/sec
>Average packet size: 861.16 bytes
>Average packet rate: 295.05 packets/sec
>
>I've tried a few tools, but none support converting from pcapng to
>libpcap format:
>
>$ editcap -F libpcap netlog_00021_20090817170026.trc out.dump
>editcap: Can't open or create out.dump: Files from that network type
>can't be saved in that format
>$ tshark -r netlog_00021_20090817170026.trc -w out.dump
>tshark: The capture file being read can't be written in that format.
>
>If I open the packet capture in Wireshark and click File | Save As, I
>can save it as a libpcap file, but I need to convert *hundreds* of
>files, and the GUI route is just too slow.
>
>Are there any options for command-line conversion from pcapng to pcap
>format?
>
>Thank you.
>
>- -Josh
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.4.9 (MingW32)
>
>iEYEARECAAYFAkqKyWAACgkQapC4Te3oxYxQNgCdGV91CWyYQd9U+CtV/F2sb0t5
>mIwAoI/jdz6EWgevaj3Uw2SiJ1nCqGRt
>=nw54
>-----END PGP SIGNATURE-----