Ask Your Question
0

Editcap not found on mac osx

asked 2020-07-29 21:33:06 +0000

I am trying to use editcap on my mac, but the command is not found. How do I add this?

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2020-07-29 22:03:25 +0000

Guy Harris gravatar image

If you've installed Wireshark 3.2, make sure you installed the "Add Wireshark to the system path" package.

Then you'll need to open a new Terminal window - that won't affect existing windows.

edit flag offensive delete link more

Comments

I have Wireshark 3.2.5 on my mac. Where do I find that package?

Tiger123 gravatar imageTiger123 ( 2020-07-29 22:04:34 +0000 )edit

In the .dmg that you downloaded to install Wireshark 3.2.5. You may have to download it again; you won't need to drag-install Wireshark again, but you will need to double-click the "Add Wireshark to the system path" package to install it.

Guy Harris gravatar imageGuy Harris ( 2020-07-29 23:13:48 +0000 )edit

Oh I see. Thanks a lot. I am using the sample capture file from Wireshark, found here: https://wiki.wireshark.org/DTLS. The key log file provided (snakeoil-rsa.key) is an unsupported private key file, and the decryption will not work. Do I change this to a nss format? And if so, how would I do that?

Tiger123 gravatar imageTiger123 ( 2020-07-29 23:42:43 +0000 )edit

Are you looking specifically for DTLS test files or would regular TLS be ok?

Chuckc gravatar imageChuckc ( 2020-07-30 04:17:50 +0000 )edit

I am looking only to embed the keys into the pcap file (specifically this DTLS test file) to create one single pcapng file. Right now, the capture and the key come separately.

Tiger123 gravatar imageTiger123 ( 2020-07-30 05:06:53 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2020-07-29 21:33:06 +0000

Seen: 66 times

Last updated: Jul 29