Ask Your Question
0

how Can I remove pcap header from pcap file

asked 2018-01-24 09:43:27 +0000

saadouna2402 gravatar image

I want to remove the pcap header from my recorded pcap file to have a binary Ethernet starting with dest. MAC address

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by ยป oldest newest most voted
1

answered 2018-01-24 15:41:14 +0000

sindy gravatar image

updated 2018-01-24 15:41:46 +0000

For each individual packet, you may select any item in the packet dissection pane (clicking on the packet in packet list pane is not enough) and then use File->Export Packet Bytes to save the raw contents of the packet into a file.

Saving multiple packets into a signle file would make little sense even if you did that using some scrip parsing the pcap format because the length is not part of the packet data for all Ethernet packets (or it is rather an exception nowadays to have it there) so it would be difficult to parse such file.

edit flag offensive delete link more

Comments

Hello,

I don't know why but I cannot select the option (export packet bytes) I can see it under Files but I cannot choose it

saadouna2402 gravatar imagesaadouna2402 ( 2018-01-24 15:49:00 +0000 )edit

Have you loaded a capture file?

grahamb gravatar imagegrahamb ( 2018-01-24 16:10:29 +0000 )edit

yes I have

saadouna2402 gravatar imagesaadouna2402 ( 2018-01-24 16:20:42 +0000 )edit

As I wrote - it is not enough to select the packet in the packet list. After doing so, you must also click anywhere into the packet dissection pane (where the contents of the selected packet is displayed in detail) to select any line in there. After doing so, the choice in the File menu becomes available. Note for futurre: it may be a bug so in newer versions this may not be necessary any more.

sindy gravatar imagesindy ( 2018-01-24 19:35:59 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2018-01-24 09:43:27 +0000

Seen: 1,756 times

Last updated: Jan 24 '18

Related questions

Delay in GOOSE Subscription

What is the syntax for wireshark custom column

Tshark output file problem, saving to csv or txt

How to convert Pcapng file to pcap file by Tshark

Can I create a capture filter on a pcap file

How can I extract parameters from pcap

How to figure out cookies from pcap files?

extract only payload parts of packets of pcap file

Is there a maximum file size for pcap-files?

How to use rawshark to analyse a pcap file which is generated by tcpdump?

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2