6:[["$","$Le",null,{}],["$","div",null,{"className":"min-h-screen bg-gray-100 p-6","children":[["$","$Lf",null,{}],["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"QAPage\",\"mainEntity\":{\"@type\":\"Question\",\"name\":\"How to ensure a .pcap file did not modified?\",\"text\":\"

let say my friend send me a .pcap file capture by his computer Wireshark, and I know there had some software can modify this pcap file.(Such as EditCap)

\\n\\n

How can I ensure the file had not modify by those software?\\n(I would like to ensure the pcap file must be original create by Wireshark)

\\n\\n

Thank you

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"YOHO\"},\"upvoteCount\":1,\"answerCount\":1,\"acceptedAnswer\":null}}"}}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mb-6 relative","children":[["$","div",null,{"className":"absolute top-4 right-4 flex flex-wrap space-x-2","children":[["$","span","wireshark",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/wireshark/1","children":"wireshark"}]}],["$","span","pcap",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/pcap/1","children":"pcap"}]}],["$","span","packet-capture",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/packet-capture/1","children":"packet-capture"}]}],["$","span","wireshark-dissector",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/wireshark-dissector/1","children":"wireshark-dissector"}]}]]}],["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/3dddb02abb5bfa0c90f353fca7ee73e2?s=256&d=identicon&r=PG&f=y&so-version=2","alt":"YOHO","className":"w-16 h-16 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/3527571/yoho","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"YOHO"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",77]}]]}]]}],["$","h1",null,{"className":"text-2xl font-bold text-gray-800 mb-4","children":"How to ensure a .pcap file did not modified?"}],["$","p",null,{"className":"text-gray-700 mt-4","dangerouslySetInnerHTML":{"__html":"

let say my friend send me a .pcap file capture by his computer Wireshark, and I know there had some software can modify this pcap file.(Such as EditCap)

\n\n

How can I ensure the file had not modify by those software?\n(I would like to ensure the pcap file must be original create by Wireshark)

\n\n

Thank you

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm mt-4","children":[["$","p",null,{"children":["Upvotes: ",1]}],["$","p",null,{"children":["Views: ",146]}]]}]]}],["$","div",null,{"className":"container mx-auto","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-6","children":["Answers (",1,")"]}],[["$","div","25700239",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/74a01200b8e1bc8b9b57ddd5633288bc?s=256&d=identicon&r=PG","alt":"Evan","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/3179857/evan","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Evan"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",6545]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

You can't. The pcap format has no built-in verification or validation that cannot be trivially spoofed.

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",2]}]}]]}]]]}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mt-6","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-4","children":"Related Questions"}],["$","ul",null,{"className":"list-disc list-inside","children":[["$","li","67931745",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/67931745","className":"text-blue-600 hover:underline","children":"Insert, Remove and Modify bytes from packet of Pcap file in linux"}]}],["$","li","48765675",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/48765675","className":"text-blue-600 hover:underline","children":"Packet loss detection in .pcap file"}]}],["$","li","49047463",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/49047463","className":"text-blue-600 hover:underline","children":"wireshark doesn't display packets from pcap file"}]}],["$","li","47067272",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/47067272","className":"text-blue-600 hover:underline","children":"How to get random packets from a .pcap file?"}]}],["$","li","41930313",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/41930313","className":"text-blue-600 hover:underline","children":"Find data transfered by wireshark on pcap file"}]}],["$","li","38303230",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/38303230","className":"text-blue-600 hover:underline","children":"How to manipulate packet and write to pcap file using pcap4j"}]}],["$","li","3428549",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/3428549","className":"text-blue-600 hover:underline","children":"pcap_dump file not opened by Wireshark"}]}],["$","li","29476384",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/29476384","className":"text-blue-600 hover:underline","children":"Packet is stored wrong in .pcap file"}]}],["$","li","12623186",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/12623186","className":"text-blue-600 hover:underline","children":"Wireshark - programatically modify packets from pcap file"}]}],["$","li","2815327",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/2815327","className":"text-blue-600 hover:underline","children":"Does libpcap get a copy of the packet?"}]}]]}]]}]]}],["$","$L11",null,{}],["$","$L12",null,{}],["$","$L13",null,{}],["$","$L14",null,{}],["$","$L15",null,{}]]

How to ensure a .pcap file did not modified?

Answers (1)

Related Questions