Pcap files and entity

Question

Pcap files and entity

Running the file command with the pcap file will output something along the lines -

$ file pcap.pcap
pcap.pcap: tcpdump capture file (little-endian) - version 2.4 ....

I was looking for a way to create a large number capture file, or downloaded a sample of one online, but to no avail.

I am also confused by the fact that it is in pcap that there will be little-endian or big-endian. I realized that libpcap has captured what it sees on the wire.

+5

endianness tcpdump pcap libpcap

Rypeck Feb 20 '13 at 20:47

source share

3 answers

, , pcap:

https://github.com/ehrmann/pcap-endianness-converter

+2

David Ehrmann 07 '15 13:38

endianness pcap, wirehark tcpdump:

wirehark . .
tcpdump, "sudo tcpdump -r inputpcapfile -w outputpcapfile "

, pcap endianess, . , endian, pcap - endian, endian. , , .

0

Cédric LE MOING 01 . '16 13:11

user862787 · Accepted Answer · 2013-02-21T02:41:19+0000

Well, one way to do this is to run tcpdump or Wireshark on a large machine; try getting, for example, an old PowerPC-based Mac running OS X.

, , , Wiki SampleCaptures Wireshark Wiki, , - , , SPARC, PowerPC ( MIPS , SGI, DEC) Wireshark, , . libpcap/WinPcap - , , , .

, , libpcap/WinPcap , , , , , , , , , ( , "" , CPU I/O , , , , ). - , - ; , ( , 802.11, , little-endian radiotap , Linux USB).

Pcap files and entity

More articles: