dscTobi
Reputation: 157
How to restore data from a pcap file?
I have following file: test_network.pcap: tcpdump capture file (little-endian) - version 2.4 (Ethernet, capture length 65535)
I know that in this file are few video streams.
How do I extract them?
[The file is ~180 GB]
Upvotes: 1
Views: 11262
Answers (3)
Gianluca Costa
Reputation: 486
There are tools developed to achieve your goal, some of these are open source, for example:
- Xplico : Linux and big pcaps files
- NetworkMiner: Windows and Linux
Upvotes: 2
brickner
Reputation: 6585
- Use a Pcap library (libpcap, WinPcap, Pcap.Net)
- Extract the TCP over IP over Ethernet.
- Reconstruct the TCP stream (see Reconstructing data from PCAP sniff).
- Save the TCP stream data to a file.
Try some Pcap TCP reconstruction tools:
http://www.codeproject.com/KB/IP/TcpRecon.aspx
http://code.google.com/p/pcap-reconst/
Upvotes: 4
barroco
Reputation: 3118
You can check following link for understad pcap specification: PCAP especification
This website could be useful for you: tcpdump.org
Also you can use c++ library: libpcap++
Upvotes: 0
Related Questions
- "Replay" tcpdump file
- Extract TCP payload from pcap file
- How to convert raw packet data into a PCAP file?
- How to use libpcap to parse pcap file.
- create PCAP file for captured packet in c
- Parsing a .pcap file in plain C
- how to extract data from pcap file
- Extract frames from pcap files (tcpdump output) without using Libraries
- how to read a pcap file in c++ to get the packet information?
- Reading a list of PCAP files