Highest Voted 'editcap' Questions

0

votes

1 answer

Using editcap from specific wireshark version

I currently have Wireshark 2.6.8 and 3.0.2 installed on Ubuntu 18.04, and I would like to be able to use editcap as included in the 3.0.2 installation to modify pcap files. However, every time I run editcap (a simple editcap -h to verify the build…

wireshark pcap editcap

asked Jul 22 '19 at 12:15

Lyndon

31
4

0

votes

1 answer

Split wireshark to miliseconds

How to split wireshark files based on time interval. Editcap does not allow to split files in milliseconds? Can give only seconds using editcap -i.

time wireshark editcap

asked Jul 12 '19 at 10:02

sally

11
3

0

votes

1 answer

Split .pcap files based on time

I got .pcap files that need to be split into time intervals (eg: 1 sec). That means for example the first set of packets that arrived in first 1 second, then next set of packets arrived in the next 1 sec so on.. When I use the below python (3.7)…

python split wireshark network-traffic editcap

asked Jul 07 '19 at 13:46

user3535695

75
2
12

0

votes

2 answers

How to get random packets from a .pcap file?

I am trying to get a random subset of packets from a .pcap file. To do so, I have written the following shell script: large_number=150000 smaller_number=10000 selected_packet_numbers=$(shuf -i 0-"$large_number" -n "$smaller_number") editcap -r…

shell wireshark pcap editcap

asked Nov 02 '17 at 03:47

Utku

2,025
22
42

0

votes

0 answers

Wireshark bluetooth traffic extraction and analysis

I'm quite a beginner to Wireshark and I got problem using it, I searched the wireshark wiki but seems no promising results. Hopefully I can get some help here. I am trying to analyze the network traffic between LG smart watch and Android phone,…

networking bluetooth protocols wireshark editcap

asked Sep 21 '15 at 19:50

xl45

51
1
8

0

votes

1 answer

redirect output of editcap to tcpdump

I want filter first 100 packets inside a pcap file and show the result on stdout. for filtering first 100 packet I used below command: editcap -r test.pcap output.pcap 1-100 for showing result and filtering packet for the further purpose I want to…

redirect tcpdump editcap

asked Aug 03 '15 at 09:49

omid

37
1
9

0

votes

1 answer

Editcap input/output files

I'm trying to run editcap on a bunch of files in different folders, and I have no problems doing it using *. For example: editcap captures/*/*.gzip The problem is that when I also try to specify an output file, for example with: editcap…

bash wireshark packet-capture editcap

asked Jul 22 '14 at 10:06

gprivitera

933
1
8
22

0

votes

1 answer

How to remove data link layer from pcap file?

I'm making a script that is inspecting packets, but headers giving me a headache. I have a DSL connection/Wireless at home, and the data link layer is appearing in Wireshark capture, either PPP or WLAN depending on which one I am currently…

wireshark packet pcap editcap

asked Jan 12 '14 at 11:30

Peter

323
1
16
46

-1

votes

1 answer

How to split a PCAP file based off time column with editcap?

I have a PCAP file I exported from wireshark that's rather large. The PCAP looks as follows: No. Time Source Destination Protocol Length Info 1 0 192.168.100.180 8.8.8.8 DNS 95 Standard query 0xf948 A detectportal.firefox.com OPT 2 …

wireshark pcap editcap

asked Nov 01 '20 at 21:12

skhan59

21
3

Questions tagged [editcap]