Is it possible to view pcap files outside of Wireshark? We have a need to analyse captured packets on our main network, the problem is that we are not allowed to have Wireshark insalled within our network. asked 15 Sep '11, 07:47  MrBeaker |
3 Answers:
You might be able to get around this by using the PortableApps and/or U3 versions of Wireshark, neither of which require you to install Wireshark on the host machine. To get them, visit the Wireshark Download page. answered 15 Sep '11, 10:55  cmaynard ♦♦ edited 15 Sep '11, 10:57 |
pcap format was originally created for tcpdump, not Wireshark, so it's older than Wireshark. There are other programs, such as tcpdump and other programs that use libpcap to read files, and recent versions of Microsoft Network Monitor, that can read pcap files. Whether you will be allowed to have any of those other programs installed on your network is another matter. answered 15 Sep '11, 11:31  Guy Harris ♦♦ |
You could also try using CloudShark, but chances are if security is restricting installation of Wireshark then uploading pcap files to the web may not be allowed either. answered 15 Sep '11, 08:30  rickg421 edited 15 Sep '11, 10:50 cmaynard ♦♦ |
The pcap files generated by Wireshark (or dumpcap, etc) do not contain any dissection (analysis) data. If you want to review these files with the traffic dissected, you will need to use Wireshark.
...or some other program that can read pcap files and that can dissect the traffic in which you're interested; see my answer.