Questions tagged [pcap-ng]

The PCAP Next Generation Dump File Format (or pcapng for short) is an attempt to overcome the limitations of the currently widely used (but limited) libpcap format.

30 questions
5 votes, 3 answers

Convert pcap <-> pcap-ng, pcap-ng tools/libraries

I'm looking for some information about pcap-ng. What is the difference between pcap-ng and pcap? Is there any tool/library for pcap-ng? How to convert pcap to pcap-ng and pcap-ng to pcap?
akuzma
3 votes, 0 answers

Does dpkt support writing data files to pcapng?

Thus far, I have been unable to successfully write packets parsed from dpkt.pcapng to a new pcapng file. The timestamps are correctly rewritten as expected, but the packet payload is being overwritten to a generic(?) value which I cannot trace back…
Lyndon
2 votes, 1 answer

Read pcapng file and get the headers in json format

I have a wireshark packet capture (.pcapng) and the file has to be read to memory of a python programme. It is desired to convert the packets to the JSON format like so: `$ tshark -r cap.pcapng -T json > ip.json` I need to write the json data back…
Rumesh Madhusanka
2 votes, 1 answer

C++ - read and write pcapng files without libpcap

I'm interested in reading and writing pcapng files without using libpcap or WinPcap. Does anyone know how to do it?
James
2 votes, 1 answer

Cannot understand 802.11 Data Frame format in PcapNG file

I have PcapNG files created by Wireshark, which I try to parse with python-pcapng. However, I cannot figure out how to reconcile the output I receive from FileScanner's packet_payload_info with the 802.11 Data frame format: This is the output I get…
boardrider
2 votes, 1 answer

Weird pcap header of byte sequence 0a 0d 0d 0a created on Mac?

I have a PCAP file that was created on a Mac with mergecap that can be parsed on a Mac with Apple's libpcap but cannot be parsed on a Linux system. combined file has an extra 16-byte header that contains 0a 0d 0d 0a 78 00 00 00 before the 4d 3c 2b…
vy32
1 vote, 2 answers

Python - save packets to pcapng file

My code creates a couple of packets using scapy and should save them to pcapng files. However, I couldn't find any way to save the files as pcapng. I tried using Scapy's PcapWriter and saving the files to sniff.pcapng, but the result is a pcap file…
1 vote, 1 answer

How to tell if a PCAPNG file was captured with a limited snap length when parsing with SharpPCap in C#?

This seems like a stupid question, but I can't find any way to tell if a packet was only partially captured. All the data lengths I can find in the packet structures use the lengths from the header, and even the byte structures appear to fill out…
J. Lambert
1 vote, 1 answer

How to read pcapng file stream from kismet

I am using kismet running on a raspberry pi to capture network data that I need to analyze in real time on another device. Kismet's api has an endpoint to receive a stream of binary data in the pcapng format. I have successfully been able to read…
b-rad15
1 vote, 0 answers

Why is there data loss on using editcap "-d"?

I used editcap with option "-d" on a large pcapng file to delete duplicate packets (source file 11GB, new file 5 GB). After that, I extracted all contained files from both pcapng-files (with Networkminer free). I assumed there would be no data…
Tex
1 vote, 0 answers

Python giving KeyError for inexplicable reason

I'm getting this error which I haven't been able to figure out for a long time in python: Traceback (most recent call last): File "st2110_parse_KB.py", line 173, in section_header = get_pcapng_section_header(input_pcapng_file) …
Ken
1 vote, 1 answer

Python | Merging multiple pcap/pcapng files using Pyshark

Using the Pyshark module, is there a way to efficiently merge/join multiple pcap/pcapng files? Tried playing around with pyshark.FileCapture and native file methods in Python, but with no success. Any ideas? Thanks in advance!
oyed
1 vote, 1 answer

How can I extract Link-Layer data from Packet Data in pcap-ng file?

I have a pcap-ng file, and I'd like to extract the source/destination IPs. According to the winpcap dump file format, the data I'm looking for is in the Packet Data section of the enhanced packet block. I've been using this library in C# to parse…
trueCamelType
1 vote, 1 answer

Generate pcapng files in a C++ program

I have a C++ program that is able to generate pcap files. However, I would like to embed additional information in the recorded frames, and I understand that the newer format pcapng allows adding arbitrary comments to frames, which I would like to…
Giovanni Mascellani
1 vote, 1 answer

Missing packets after merging two files with Wireshark/mergecap

I have two pcapng files. Each one is a traffic capture that occurred at the same router but on different interfaces. Since I want to study the behavior of the router's protocols globally I thought of merging these two files into one, so it would be…
Lucas Aimaretto