Sometimes we face problems splitting or merging packet captures taken on different platforms. For example, if we capture packets on macOS, we can't merge the capture files using the mergecap utility, because the files are not in libpcap format. When you try to merge or edit the files, you get the error below.
Issue
mergecap -w out.pcap VA123_00016_20170530202904 VA123_00016_20170530202905
mergecap: Can't open or create out.pcap: Files from that network type can't be saved in that format
file VA123_00016_20170530202904
VA989_00016_20170530202904: pcap-ng capture file - version 1.0
You can solve this issue with the tcpdump utility, which can convert pcap-ng files to libpcap format:
tcpdump -r VA123_00016_20170530202904 -w output.pcap
You can use the script below to convert a directory of pcapng files and merge them into a single libpcap file:
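#!/bin/bash
# Convert every pcap-ng capture in the current directory to libpcap, then merge.
for i in *
do
    # Skip anything that is not a pcap-ng capture (this script, earlier output, ...)
    file -b "$i" | grep -Eq 'pcap-?ng capture file' || continue
    echo "$i"
    # Strip the extension, same result as: cut -d "." -f1
    file="${i%%.*}"
    tcpdump -r "$i" -w "$file.pcap"
done
mergecap -w outputfile.pcap *.pcap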
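The conversion step only makes sense for files that really are pcap-ng. The sketch below is an added example, not part of the original post: it tells the two formats apart by the first four bytes of the file instead of relying on the file utility. The function names capture_format and list_pcapng are hypothetical.

```shell
#!/bin/bash
# Added example: classify capture files by their 4-byte magic number.

# Print "pcapng", "pcap" or "unknown" for the file given as $1.
capture_format() {
    # First four bytes as lowercase hex, e.g. "0a0d0d0a"
    _magic=$(head -c 4 -- "$1" 2>/dev/null | od -An -tx1 | tr -d ' \n')
    case "$_magic" in
        0a0d0d0a)          echo pcapng ;;  # pcap-ng Section Header Block type
        a1b2c3d4|d4c3b2a1) echo pcap ;;    # libpcap, microsecond timestamps
        a1b23c4d|4d3cb2a1) echo pcap ;;    # libpcap, nanosecond timestamps
        *)                 echo unknown ;; # scripts, text files, empty files
    esac
}

# Print the pcap-ng files found in directory $1 (default: current directory).
list_pcapng() {
    for _f in "${1:-.}"/*
    do
        [ -f "$_f" ] || continue
        if [ "$(capture_format "$_f")" = pcapng ]; then
            echo "$_f"
        fi
    done
    return 0
}

# When run with a directory argument, list the files that need converting.
if [ "$#" -gt 0 ]; then
    list_pcapng "$1"
fi
```

The names printed by list_pcapng are the ones to feed to tcpdump -r ... -w ... before running mergecap.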