iasksillyquestions
Reputation: 5689
RawCap sniffer results in empty pcap file
So... I'm attempting to use RawCap to capture traffic to localhost When I run rawcap, it reports packets in the cmd prompt - but the dump file is always empty.
Any ideas (I've tried running with admin privs)
Upvotes: 6
Views: 5276
Answers (2)
Shaun Luttin
Reputation: 141512
Set the -f flag to flush the data to the file after each package.
rawcap -f 127.0.0.1 my_loopback.pcap
Then as geniaz1 said, stop capture with ctrl + c
Upvotes: 2
geniaz1
Reputation: 1183
You should terminate RawCap with ctrl+c and not by just closing the window.
for more information here: http://www.netresec.com/?page=Blog&month=2011-10&post=Automatic-Flushing-in-RawCap
Upvotes: 10
Related Questions
- pcap_handler callback contains empty packets only when using npcap v0.9991
- How to convert raw packet data into a PCAP file?
- Raw capture capabilities (CAP_NET_RAW, CAP_NET_ADMIN) not working outside /usr/bin and friends for packet capture program using libpcap
- Cannot convert from SharpPcap.RawCapture to PacketDotNet.Packet
- pcap_dump file not opened by Wireshark
- 'pcap_loop' is not recording packets and isn't even running
- Python Packet Sniffing / Packet Capture - pcapy not capturing packets
- Pcap reading tcp header fields fails silently
- SharpPCap missing packets
- missing elements from pcap?