Ask Ubuntu Asked by Pranav Sharma on February 21, 2021
I have a few folders with 300 to 400 files each. The files are Wireshark captures in .pcapng format. I would like to write a shell script that opens every file and saves it into a new folder using Wireshark .tcpdump format.
You could also use tshark:
tshark -F pcap -r {pcapng_file} -w {pcap_file}
Answered by Alexx Roche on February 21, 2021
Ok, found the tool called editcap. You only have to call editcap i.pcapng o.pcap in a loop:
# Recursively convert all *.pcapng files to *.pcap
cd /path/to/folders # the path to folder where your folders containing '*.pcapng' files are in
find . -type f -name '*.pcapng' -print0 | while IFS= read -r -d '' f; do editcap -F libpcap "$f" "${f%.pcapng}.pcap"; done
(since I'm lazy, I mostly used Radu's script, aside from adding double quotes for ${f%.pcapng}.pcap)
You can check the editcap manual for more options.
Here is an example:
braiam@bt:~/lab$ ls
something.pcapng
braiam@bt:~/lab$ find . -type f -name '*.pcapng' -print0 | while IFS= read -r -d '' f; do editcap -F libpcap "$f" "${f%.pcapng}.pcap"; done
braiam@bt:~/lab$ file something.pcap something.pcapng
something.pcap: tcpdump capture file (little-endian) - version 2.4 (Ethernet, capture length 65535)
something.pcapng: pcap-ng capture file - version 1.0
braiam@bt:~/lab$
As you can see I converted the pcapng format into pcap/tcpdump format. The change of extension is an extra.
Answered by Braiam on February 21, 2021
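Added example, not part of either answer: the question asks for the converted files to land in a new folder, while the loop above writes each .pcap next to its source. The script below runs the same editcap call per folder, writes into a `pcap` subfolder (an assumed name), and checks that each output starts with a classic pcap magic number; `convert_dir` and `is_pcap` are names made up for this example.

```shell
#!/bin/sh
# Added example: convert every *.pcapng in SRC into classic pcap files in DST.
# Originals are never modified; failures are reported and counted.

# True if FILE starts with a classic pcap magic number
# (either byte order, microsecond or nanosecond timestamps).
is_pcap() {
    case "$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')" in
        d4c3b2a1|a1b2c3d4|4d3cb2a1|a1b23c4d) return 0 ;;
        *) return 1 ;;
    esac
}

# convert_dir SRC DST: returns 0 only if every capture was converted.
convert_dir() {
    src=$1 dst=$2 failed=0
    mkdir -p "$dst" || return 1
    for f in "$src"/*.pcapng; do
        [ -f "$f" ] || continue          # glob matched nothing
        name=${f##*/}
        out=$dst/${name%.pcapng}.pcap
        if [ -e "$out" ]; then           # never overwrite an earlier result
            echo "skip (exists): $out" >&2
            continue
        fi
        # Same editcap call as in the answer; only the output path differs.
        if editcap -F libpcap "$f" "$out" && is_pcap "$out"; then
            echo "ok: $f -> $out"
        else
            echo "FAILED: $f" >&2
            rm -f "$out"                 # do not leave a partial file behind
            failed=$((failed + 1))
        fi
    done
    [ "$failed" -eq 0 ]
}

# Usage: sh convert.sh FOLDER...   (writes to FOLDER/pcap, an assumed layout)
for d in "$@"; do
    convert_dir "$d" "$d/pcap" || echo "some files in $d failed" >&2
done
```

A pcap file carries a single link-layer type and none of the pcapng-only metadata such as comments, so keep the .pcapng originals if they are evidence or may need re-analysis.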