@SyeedHasan
Last active February 16, 2022 04:22
PCAP mumbo-jumbo

Splitting a PCAP

To divide a PCAP into chunks of 200MB:
tcpdump -r inputPcap.pcap -w outputPcap.pcap -C 200
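A worked illustration of the size-based split that tcpdump line performs, added here as an example and not the gist's own code: a minimal libpcap splitter that, like tcpdump -C / editcap, copies the global header into every chunk and never cuts a packet record in half, and refuses a truncated capture instead of silently dropping its tail. It assumes microsecond-resolution pcap (not pcapng) and builds its own constructed sample capture.

```python
import struct
# Constructed example of what `tcpdump -C` / `editcap -c` do when splitting a capture.
# max_bytes is a byte count: tcpdump's -C unit is 1,000,000 bytes, so -C 200 == 200_000_000 here.
_MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}  # microsecond pcap, either byte order

def pcap_structs(data: bytes):
    """Global header (magic, major, minor, thiszone, sigfigs, snaplen, linktype) and
    record header (ts_sec, ts_usec, incl_len, orig_len) structs in the file's byte order."""
    end = _MAGIC.get(data[:4])
    if end is None:
        raise ValueError("not a microsecond-resolution libpcap file")
    return struct.Struct(end + "IHHiIII"), struct.Struct(end + "IIII")

def iter_records(data: bytes):
    """Yield each raw record (16-byte header + packet bytes); raise on a truncated tail."""
    gh, rh = pcap_structs(data)
    off = gh.size
    while off < len(data):
        if off + rh.size > len(data):
            raise ValueError(f"truncated record header at offset {off}")
        incl_len = rh.unpack_from(data, off)[2]
        rec = data[off:off + rh.size + incl_len]
        if len(rec) < rh.size + incl_len:
            raise ValueError(f"truncated packet data at offset {off}")
        yield rec
        off += len(rec)

def split_pcap(data: bytes, max_bytes: int) -> list[bytes]:
    """Split into chunks of at most max_bytes. Every chunk is itself a valid pcap: it starts
    with a copy of the global header and no record is ever cut in half."""
    head = data[:pcap_structs(data)[0].size]
    chunks, cur = [], head
    for rec in iter_records(data):
        if len(head) + len(rec) > max_bytes:
            raise ValueError("a single record does not fit in max_bytes")
        if len(cur) + len(rec) > max_bytes:  # would overflow: start a new chunk
            chunks.append(cur)
            cur = head
        cur += rec
    if len(cur) > len(head):  # flush the last non-empty chunk
        chunks.append(cur)
    return chunks

def make_pcap(payloads: list[bytes]) -> bytes:
    """Constructed little-endian Ethernet (linktype 1) capture used as sample input."""
    out = struct.Struct("<IHHiIII").pack(0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, p in enumerate(payloads):
        out += struct.Struct("<IIII").pack(1_645_000_000 + i, 0, len(p), len(p)) + p
    return out
```

Counting records per chunk with iter_records gives the same number capinfos would report, which is the quick check that a split lost nothing.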

Wireshark Helpers

capinfos.exe: This prints information about trace files
dumpcap.exe: This captures packets and saves to a libpcap format file
editcap.exe: This splits a trace file, alters timestamps, and removes duplicate packets
mergecap.exe: This merges two or more packet files into one file
rawshark.exe: This reads a stream of packets and prints field descriptions
text2pcap.exe: This reads an ASCII hex dump and writes a libpcap file
tshark.exe: This captures network packets or displays data from a saved trace file

Dump Conversations

Dump conversations in the PCAP file using Wireshark's 'Statistics' tab:
Statistics > Conversations
