Reputation: 41
I've got a problem trying to open a .pcap file. In scapy.utils there is RawPcapReader:
```python
try:
    self.f = gzip.open(filename,"rb")
    magic = self.f.read(4)
except IOError:
    self.f = open(filename,"rb")
    magic = self.f.read(4)
if magic == "\xa1\xb2\xc3\xd4": #big endian
    self.endian = ">"
elif magic == "\xd4\xc3\xb2\xa1": #little endian
    self.endian = "<"
else:
    raise Scapy_Exception("Not a pcap capture file (bad magic)")
hdr = self.f.read(20)
if len(hdr)<20:
    raise Scapy_Exception("Invalid pcap file (too short)")
```
My magic has value "\n\r\r\n" but RawPcapReader is expecting magic == "\xa1\xb2\xc3\xd4" or magic == "\xd4\xc3\xb2\xa1".
Could you tell me what the problem could be? Is it the .pcap file? I'm using Python version 2.7.
Upvotes: 4
Views: 8883
Reputation: 31186
As an alternative to saving the file in pcap format, scapy now has PcapNgReader so you could do:
```python
from scapy.utils import PcapNgReader
mypcap = PcapNgReader(filename)
```
Upvotes: 1
Reputation: 171
The magic value of "\n\r\r\n" (\x0A\x0D\x0D\x0A) indicates that your file is actually in .pcapng format, rather than libpcap.
The solution is simple:
In Wireshark 'Save As': Wireshark/tcpdump - pcap
Or use tshark:
```shell
$ tshark -r old.pcapng -w new.pcap -F libpcap
```
Upvotes: 17
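The magic-number check discussed in the question and the answer above, as an added example that is not part of the original posts or of scapy: a Python 3, standard-library sniffer that tells libpcap from pcapng before a reader is chosen. It goes slightly beyond the thread by also recognising the nanosecond pcap magic and reading the pcapng byte-order magic; `identify_capture` and the `SAMPLE_*` headers are hypothetical names and constructed data.

```python
import gzip
import io
import struct

# First four bytes on disk -> byte order of a classic libpcap file.
PCAP_MAGICS = {
    b"\xa1\xb2\xc3\xd4": ">",  # big endian, microsecond timestamps
    b"\xd4\xc3\xb2\xa1": "<",  # little endian, microsecond timestamps
    b"\xa1\xb2\x3c\x4d": ">",  # big endian, nanosecond timestamps
    b"\x4d\x3c\xb2\xa1": "<",  # little endian, nanosecond timestamps
}
PCAPNG_SHB = b"\x0a\x0d\x0d\x0a"  # "\n\r\r\n": Section Header Block type
PCAPNG_BOM = 0x1A2B3C4D           # byte-order magic at offset 8 of the SHB


def identify_capture(f):
    """Return (format, endian) for a seekable binary file object.

    format is "pcap", "pcapng" or "unknown"; endian is ">", "<" or None.
    """
    start = f.read(2)
    f.seek(0)
    if start == b"\x1f\x8b":      # gzip wrapper, which RawPcapReader also tries
        f = gzip.GzipFile(fileobj=f)
    hdr = f.read(12)              # magic plus enough of an SHB to reach the BOM
    magic = hdr[:4]
    if magic in PCAP_MAGICS:
        return "pcap", PCAP_MAGICS[magic]
    if magic == PCAPNG_SHB:
        if len(hdr) == 12:
            for endian in (">", "<"):
                if struct.unpack(endian + "I", hdr[8:12])[0] == PCAPNG_BOM:
                    return "pcapng", endian
        return "pcapng", None     # truncated or damaged section header
    return "unknown", None


# Constructed sample headers (no packets), not taken from the original post.
SAMPLE_PCAP_LE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
SAMPLE_PCAPNG_LE = struct.pack("<IIIHHqI", 0x0A0D0D0A, 28, PCAPNG_BOM, 1, 0, -1, 28)
SAMPLE_PCAPNG_GZ = gzip.compress(SAMPLE_PCAPNG_LE)

if __name__ == "__main__":
    for name in ("SAMPLE_PCAP_LE", "SAMPLE_PCAPNG_LE", "SAMPLE_PCAPNG_GZ"):
        print(name, identify_capture(io.BytesIO(globals()[name])))
```

A caller can dispatch on the result: "pcap" goes to RawPcapReader, while "pcapng" goes to PcapNgReader or through the tshark conversion shown above.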