Wireshark · Wireshark-users: Re: [Wireshark-users] pcap to Text? Strip out pcap header information -> raw hex dump

Wireshark-users: Re: [Wireshark-users] pcap to Text? Strip out pcap header information -> raw hex

From: Jaap Keuter <jaap.keuter@xxxxxxxxx>

Date: Mon, 09 Nov 2009 18:46:45 +0100

Justin Barilar wrote:

All,
I have a few pcap captures that were captured using snoop on a Linuxmachine. However, I'm looking to convert this pcap file to a raw dump ofthe bytes of the packets, hence removing all the pcap header information(global header, packet headers with timestamps).
I see there is a text2pcap function which is the opposite of what I wantto do. Is there any utility to accomplish what I want to do?
Regards,

Justin

Hi,

Sure, have a look at tshark. It can read pcap files and spit out all kinds ofdetails.


Thanks,
Jaap

References:
- [Wireshark-users] pcap to Text? Strip out pcap header information -> raw hex dump
  - From: Justin Barilar

Prev by Date: [Wireshark-users] pcap to Text? Strip out pcap header information -> raw hex dump
Next by Date: Re: [Wireshark-users] pcap to Text? Strip out pcap header information -> raw hex dump
Previous by thread: [Wireshark-users] pcap to Text? Strip out pcap header information -> raw hex dump
Next by thread: Re: [Wireshark-users] pcap to Text? Strip out pcap header information -> raw hex dump
Index(es):
- Date
- Thread