Highest Voted 'pcap' Questions - Super User Stack Exchange

18

votes

2 answers

What's all this deploy.akamaitechnologies.com traffic?

I happened to do a tcpdump while leaving my Mac idle, and when I came back after a mere half-hour there were something like 5000 packets involving deploy.akamaitechnologies.com, in which my computer was asking it on port TCP 443 for something, and…

asked Aug 16 '12 at 17:16

Warren

269
1
3
6

5

votes

2 answers

Follow a .pcap file in wireshark like tail -f

I have a .pcap file on my android device, that I can access from my PC with wireshark via smb and wondering if it possible to get a 'Live view' of that file in wireshark. Is there any solution?

wireshark pcap

asked Mar 18 '13 at 16:49

christophrus

171
1
4

4

votes

1 answer

Why does tcpdump take so long to read pcap files?

I am using a third-party tool that captures network traffic as a pcap file during a network test. When I attempt to play these files back, I use the tcpdump tool with the -Aq -r options, and pipe the output to grep. Some of the captures are 600 KB…

linux networking tcpdump pcap

asked Mar 29 '14 at 06:07

Steve HHH

6,960
6
29
37

2

votes

1 answer

How to split pcap files maintaining tcp sessions

I have a pcap file which contains tcp traces. I was wondering if there's a way to split these traces in order to maintain tcp flows, but also filtering the traffic on a src ip basis. For example, if into my network I have ip addresses which belong…

networking tcp wireshark tcpdump pcap

asked Jan 07 '15 at 09:28

user3098549

121
3

2

votes

2 answers

How to extract mpeg-1 stream from pcap in wireshark

I have a pcap network dump that has an MPEG-1 stream inside and I would like to play the mpeg stream. So far I've tried playing through the RTP analyzer but that plays without any sound. I've also tried to save the stream as a .mpg file but that…

wireshark mpeg pcap

asked Jul 29 '12 at 02:04

Jason Axelson

1,690
1
16
22

2

votes

3 answers

How to filter packets with distinct source address in wireshark?

I have a pcap file and I want to wireshark shows me packets with distinct source address. How can I do this in wireshark?

wireshark sorting packet pcap

asked Jan 23 '17 at 20:47

Richard

117
2
2
9

1

vote

2 answers

How do capture filters in Wireshark work internally?

I am wondering exactly what happens internally in TShark when I use a capture filter. Specifically, let's say I have the following filter to capture multicast data: host 224.0.26.3 && port 12345 Does wireshark: Ask the OS to copy all packets on…

networking wireshark sniffing pcap

asked Sep 26 '14 at 16:39

Chuu

763
1
7
17

1

vote

1 answer

Provide Session Master Key to Wireshark UI?

I'm working on an issue with HTTPS. I suspect its related to client certificates. I want to read some of the encrypted handshake messages that follows the ServerHelloDone message. (Once the ServerHelloDone is sent, the stream usually switches to…

encryption ssl wireshark pcap

asked Aug 07 '14 at 20:48

jww

11,918
44
119
208

1

vote

2 answers

Compile Jnetpcap library for ARM platform?

I am trying to execute a java project on arm platform. my code use jnetpcap library. but when i execute the program it shows me an error "/usr/lib/jnetpcap.so: cannot open shared object: no such file or directory (possible cause: can't load IA…

linux arm pcap

asked Nov 29 '13 at 15:55

ALi

21
1
6

1

vote

1 answer

How do I flush Moloch?

I've installed Moloch and the documentation is a bit thin. Does anyone know how I can flush both the database and pcap logs to return the system to a freshly installed state? There is a script for expiring old data from the db but I'd like to get…

pcap

asked May 29 '13 at 10:52

Simmo

113
1
5

1

vote

1 answer

How to differentiate between three different flavours of pcap files?

There appears to be 3 different file formats associated with the ".pcap" extension -- libpcap /w microsecond timestamps, libpcap /w nanosecond timestamps, and pcapng. Is there an easy way to differentiate between them that is scriptable? Either…

windows wireshark pcap

asked Jan 03 '13 at 22:23

Chuu

763
1
7
17

1

vote

1 answer

How to enter pcap filter in Wireshark 1.8?

Previously in capture options window there was a very handy input field for pcap filter expression. But in 1.8.* this window looks different: So, how to set pcap filter expression before starting capture in wireshark >= 1.8?

networking gui wireshark pcap

asked Jul 30 '12 at 20:02

gelraen

134
1
5

1

vote

1 answer

Black hole output interface for tcpreplay

I'm using a command line like this to replay a huge PCAP file at high speed - I'm benchmarking various aspects of tcpreplay: sudo tcpreplay --mbps=1000 --intf1=docker0 linuxbig_log.pcap As I don't want to annoy our sysadmins, I use my local docker…

linux networking ubuntu-22.04 pcap tcpreplay

asked Jun 15 '23 at 06:39

Ken Y-N

124
1
11

1

vote

0 answers

Generate alert from pcap file with Snort

I'm learning to use snort by myself and I can't figure out if I'm generating alerts from a file well. The rules i have in local.rules are: alert icmp any any -> any any (msg:"Testing ICMP"; sid:1000001;) alert tcp any any -> any any (msg:"Testing…

alert snort analysis pcap

asked Aug 18 '21 at 07:46

Claudia De Michele

11
1

1

vote

0 answers

ALFA wifi network card Monitor Mode on Mac OS

I recently bought an ALFA AWUSO36EAC and I want to use it for packet injection and monitor mode on Mac OS. I was told that this is a better page to ask about Network Card related questions. I have installed the drivers and it connects to wifi just…

networking wireless-networking drivers c++ pcap

asked Oct 24 '20 at 23:37

Sam Moldenha

111
3

Questions tagged [pcap]