OSQA is unmaintained. Help us figure out where to go from here.

Is there such thing as decoding a wireshark pcap file. Is decoding a pcap file the same as transforming a wireshark pcap file to a windows txt file?

asked 17 Apr '12, 22:21

misteryuku's gravatar image

misteryuku
5242629
accept rate: 0%


No. See my answer to your other very similar question here

permanent link

answered 17 Apr '12, 23:54

grahamb's gravatar image

grahamb ♦
19.3k328204
accept rate: 22%

That depends on what you mean by "decoding". It's "decoding" in the sense that it makes a human-readable file. It may or may not be a good format for a program - such as, oh, let's pick a hypothetical example, Splunk - to read; that would depend on the program.

If you want to know whether it would be something that Splunk could usefully process, you might try asking on the Splunk Q&A site rather than asking here on the Wireshark Q&A site.

permanent link

answered 18 Apr '12, 11:29

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.2k335193
accept rate: 19%

And if you mean decrypting, as in SSL or TLS encrypted traffic for HTTPS or some other protocol, then ask that question too.

permanent link

answered 18 Apr '12, 16:06

inetdog's gravatar image

inetdog
16717
accept rate: 14%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×230
×15
×9

question asked: 17 Apr '12, 22:21

question was seen: 7,184 times

last updated: 18 Apr '12, 16:06

p​o​w​e​r​e​d by O​S​Q​A