Re: [Fed-Talk] FYI: tcpdump format
- Subject: Re: [Fed-Talk] FYI: tcpdump format
- From: "Neely, Lee" <email@hidden>
- Date: Wed, 14 Jan 2015 22:51:19 +0000
- Thread-topic: [Fed-Talk] FYI: tcpdump format
You can use a service to convert the file like pcapng.org
OR
You can use the editcap tool that comes with Wireshark
-----Original Message-----
From: fed-talk-bounces+neely1=email@hidden [mailto:fed-talk-bounces+neely1=email@hidden] On Behalf Of Todd Heberlein
Sent: Wednesday, January 14, 2015 2:41 PM
To: Fed Talk
Subject: [Fed-Talk] FYI: tcpdump format
Just a little FYI for those who use tcpdump.
I’m not sure when, but Apple’s tcpdump file format (e.g., using the -w <filename> option) changed from the old pcap format to a “next generation” format, pcapng.
As long as you are saving packet data and reading it back on the same machine or same software, you should be fine. But older software (e.g., a lot of things over 2 years old) might not be able to read in the new data file.
As far as I can tell, I cannot force tcpdump to save in the old pcap format.
Todd
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
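Added example, not part of the original thread: a small Python sketch that tells a classic pcap file from a pcapng file by its magic number and rewrites a simple pcapng capture as classic pcap, for tools that cannot read the newer format. The function names are hypothetical, the sample capture is constructed, and the converter assumes a single capture interface with the default microsecond timestamp resolution.

```python
import struct

SHB, IDB, EPB = 0x0A0D0D0A, 0x00000001, 0x00000006   # pcapng block types
MAGICS = {b"\x0a\x0d\x0d\x0a": "pcapng",
          b"\xa1\xb2\xc3\xd4": "pcap", b"\xd4\xc3\xb2\xa1": "pcap",   # microsecond
          b"\xa1\xb2\x3c\x4d": "pcap", b"\x4d\x3c\xb2\xa1": "pcap"}   # nanosecond

def capture_format(data: bytes) -> str:
    """Classify a capture by its leading magic number."""
    return MAGICS.get(data[:4], "unknown")

def pcapng_to_pcap(data: bytes) -> bytes:
    """Rewrite a single-interface pcapng capture as little-endian classic pcap.
    Assumes the default microsecond timestamp resolution (no if_tsresol option)."""
    if capture_format(data) != "pcapng":
        raise ValueError("not a pcapng capture")
    out, order, have_iface, pos = bytearray(), "<", False, 0
    while pos + 12 <= len(data):
        if data[pos:pos + 4] == b"\x0a\x0d\x0d\x0a":   # SHB sets the section's byte order
            order = "<" if data[pos + 8:pos + 12] == b"\x4d\x3c\x2b\x1a" else ">"
        btype, blen = struct.unpack_from(order + "II", data, pos)
        if blen < 12 or blen % 4 or pos + blen > len(data):
            raise ValueError(f"corrupt block at offset {pos}")
        body = data[pos + 8:pos + blen - 4]
        if btype == IDB:
            if have_iface:   # classic pcap carries exactly one link type
                raise ValueError("multiple interfaces cannot be expressed in pcap")
            linktype, _, snaplen = struct.unpack_from(order + "HHI", body)
            # Global header: magic, version 2.4, thiszone, sigfigs, snaplen (0 = no limit in pcapng), linktype
            out += struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen or 262144, linktype)
            have_iface = True
        elif btype == EPB:
            _, ts_hi, ts_lo, caplen, origlen = struct.unpack_from(order + "5I", body)
            if not have_iface or 20 + caplen > len(body):
                raise ValueError(f"invalid packet block at offset {pos}")
            sec, usec = divmod((ts_hi << 32) | ts_lo, 1_000_000)
            out += struct.pack("<IIII", sec, usec, caplen, origlen) + body[20:20 + caplen]
        pos += blen   # every other block type (statistics, name resolution, ...) is skipped
    return bytes(out)

def sample_pcapng() -> bytes:
    """Constructed input: one Ethernet interface, one 5-byte packet."""
    def block(btype, body):
        total = struct.pack("<I", len(body) + 12)
        return struct.pack("<I", btype) + total + body + total
    ts = 1421275879 * 1_000_000 + 250_000
    return (block(SHB, struct.pack("<IHHq", 0x1A2B3C4D, 1, 0, -1))
            + block(IDB, struct.pack("<HHI", 1, 0, 65535))
            + block(EPB, struct.pack("<5I", 0, ts >> 32, ts & 0xFFFFFFFF, 5, 5) + b"hello\0\0\0"))
```

Captures with several interfaces or a non-default timestamp resolution are outside what this sketch handles; it raises on the former rather than writing a misleading file.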