Hi, I'm Automatically capturing logs in .pcap format using below command dumpcap.exe -i 4 -a files:3 -a filesize:5 -w test.pcap how can convert this files to .txt format automatically using dumpcap command.... asked 02 Mar '13, 20:55  Irsh |
One Answer:
dumpcap always writes pcapng or pcap files by default, depending on the version of the executable, so the "logs" are always in a binary format. No way around that. If you need text files you can try to use tshark to display decoded data after it has been written to disk, or you could use Wireshark to export the packets to decoded .txt format manually. Why do you need .txt format anyway? Usually it is more useful to have the binary format since it can be worked with much easier. answered 03 Mar '13, 05:02  Jasper ♦♦ edited 03 Mar '13, 05:03 |
Hi, I'm Running a program where certain data comes in hidden format where wireshark Picks. What I want is to get that data to another Program .... can I use tshark to achieve this ? If so... what is the command please. Thanks
what do you mean by "hidden format"? Sounds like Wireshark/Tshark just do not have dissectors for it - if so, you'll be stuck with undecoded bytes either way.
So do I get this correctly - you want to extract payload bytes that Wireshark/TShark does not decode?