On Aug 5, 2009, at 1:29 AM, Andrej van der Zee wrote:
I received huge cap-files that log multiple network-interfaces in
both directions (outgoing and incoming traffic). Unfortunately I
have no information about which IPs are bound to the sniffed network-
interfaces. Is there any way to retrieve this information from the
cap-files? I know I can convert it to text and look at the IPs, but
still I cannot say which local IP I was actually sniffing because
network traffic is logged in both directions.
As others have explained, the libpcap format that Wireshark uses by
default does not save interface IP addresses in the file.
We have started experimental work with implementing PcapNG file format
support, which can save the IP addresses of the interfaces in the
capture file. However, I don't think we have implemented that part of
PcapNG in Wireshark yet.
Steve