How to restore data from a pcap file?
https://stackoverflow.com/questions/2987507
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I have following file: test_network.pcap: tcpdump capture file (little-endian) - version 2.4 (Ethernet, capture length 65535)
I know that in this file are few video streams.
How do I extract them?
[The file is ~180 GB]
Solution
- Use a Pcap library (libpcap, WinPcap, Pcap.Net)
- Extract the TCP over IP over Ethernet.
- Reconstruct the TCP stream (see Reconstructing data from PCAP sniff).
- Save the TCP stream data to a file.
Try some Pcap TCP reconstruction tools:
OTHER TIPS
There are tools developed to achieve your goal, some of these are open source, for example:
- Xplico : Linux and big pcaps files
- NetworkMiner: Windows and Linux
You can check following link for understad pcap specification: PCAP especification
This website could be useful for you: tcpdump.org
Also you can use c++ library: libpcap++
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
