-1

I capture traffic using tcpdump, and save file in .pcap format. How can I convert this file to a plain text file, like Wireshark does?

Miguel Freitas
  • 3
  • 4

1 Answers1

0
  1. Read it with tcpdump, without the -w flag, which will convert it to tcpdump's text format, written to the standard output.
  2. Get TShark ported to Android; it will, with the proper command-line arguments in the case of TShark, will do it in a fashion surprisingly similar to what Wireshark does. :-)
  3. Write your own program that does the same thing as tcpdump or Wireshark/TShark.
  • The .pcap file is written in way that i not understand. When i open and read .pcap file to a buffer in Java and print them, i can't read anything of file. I know that i can read it with Wireshark, Tshark and TCPDump, but it not what i want. I want for a given .pcap file, convert it to a readable file programmatically in Java. Do you know how can i do it? – Miguel Freitas Jul 30 '15 at 10:39
  • The only "readable file" you can convert an arbitrary pcap file to is a printout of the packet information, of the sort you get from tcpdump or Wireshark. To do that in Java, you'll need to use something like [Jpcap](http://jpcap.sourceforge.net) to read the file, and either write your own code to dissect the raw packet data or use Jpcap's code. There's no magic easy solution; you will have to do a significant amount of work. –  Jul 31 '15 at 06:35