On Aug 5, 2009, at 12:29 AM, Andrej van der Zee wrote:
> I received huge cap-files that log multiple network-interfaces in
> both directions (outgoing and incoming traffic). Unfortunately I
> have no information about which IPs are bound to the sniffed
> network-interfaces. Is there any way to retrieve this information
> from the cap-files?

In a pcap file, no information is logged other than:

    in the file header:

        the byte order of non-packet data in the capture;

        the link-layer type of the interface;

        the snapshot length of the capture;

        (there are fields for time zone offset and resolution, but no
        program I know of fills them in);

    in the per-packet header:

        the time the packet arrived;

        the number of bytes of captured data in the packet;

        the number of bytes the packet had on the network;

    the raw packet data.

No information about the interface on which traffic was captured other
than the link-layer header type is saved.
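
The fields listed in the reply above, read out of a classic pcap byte string. This is an added example, not part of the original message or of libpcap; the function names, the dictionary keys and the one-packet sample are constructed here, and the second magic value (nanosecond timestamps, same layout) goes beyond what the message mentions.

```python
import struct

MAGIC_USEC = 0xA1B2C3D4  # classic pcap magic, microsecond timestamps
MAGIC_NSEC = 0xA1B23C4D  # same layout, nanosecond timestamps

def read_pcap(data):
    """Return (file_header, packets) parsed from a classic pcap byte string."""
    if len(data) < 24:
        raise ValueError("truncated file header")
    # The magic number is written in the capturing host's byte order,
    # so try both orders to learn which one the rest of the file uses.
    for order in ("<", ">"):
        (magic,) = struct.unpack(order + "I", data[:4])
        if magic in (MAGIC_USEC, MAGIC_NSEC):
            break
    else:
        raise ValueError("not a classic pcap file")
    major, minor, thiszone, sigfigs, snaplen, linktype = struct.unpack(
        order + "HHiIII", data[4:24])
    header = {"byte_order": "little" if order == "<" else "big",
              "version": (major, minor), "thiszone": thiszone,
              "sigfigs": sigfigs, "snaplen": snaplen, "linktype": linktype}
    packets, off = [], 24
    while off < len(data):
        if off + 16 > len(data):
            raise ValueError("truncated packet header")
        # Per-packet header: arrival time, captured length, on-the-wire length.
        ts_sec, ts_frac, caplen, wirelen = struct.unpack(
            order + "IIII", data[off:off + 16])
        off += 16
        raw = data[off:off + caplen]
        if len(raw) < caplen:
            raise ValueError("truncated packet data")
        off += caplen
        packets.append({"ts": (ts_sec, ts_frac), "caplen": caplen,
                        "wirelen": wirelen, "data": raw})
    return header, packets

def build_sample(order):
    """Constructed sample: one 14-byte dummy frame cut from 60 bytes on the wire."""
    frame = bytes(range(14))
    return (struct.pack(order + "IHHiIII", MAGIC_USEC, 2, 4, 0, 0, 14, 1)
            + struct.pack(order + "IIII", 1249428540, 250000, len(frame), 60)
            + frame)

if __name__ == "__main__":
    hdr, pkts = read_pcap(build_sample("<"))
    print(hdr)   # nothing here names the capturing interface or its addresses
    print(pkts)
```

Every field the parser returns is one of those listed above; any addresses have to come from decoding the raw packet data according to the link-layer type.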