Had a requirement to convert pcap files to text because Splunk's Sales Engineer advised me to do so before Splunk can index information from packet captures.
Tshark is the tool to fulfill this need. From Windows:
C:\Program Files\Wireshark>tshark -r c:\Forensic\network.pcap -T text > c:\Forensic\network.txt
From Ubuntu:
commandrine@bridge:~$ tshark -r network.pcap -T text > network.txt
By default, Tshark only extracts one-line summaries of the packets from your packet capture. Specifying the switch "-Vx" will include packet details and hex/ASCII information from your pcap file. A word of caution: the text output produced with the "-Vx" switch will be many times larger than the original pcap.
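The one-line summaries in network.txt can be split into fields before indexing. The parser below is an added example, not part of the original post. It assumes the default summary column order (frame number, relative time, source, arrow, destination, protocol, length, info) and does not handle "-Vx" output; the function names and the JSON-lines output are hypothetical choices.

```python
import json
import re

# Assumed default tshark summary columns: No., Time, Source, arrow,
# Destination, Protocol, Length, Info. Older builds print "->", newer "→".
SUMMARY_RE = re.compile(
    r"^\s*(?P<frame>\d+)\s+(?P<time>-?\d+\.\d+)\s+"
    r"(?P<src>\S+)\s+(?:→|->)\s+(?P<dst>\S+)\s+"
    r"(?P<proto>\S+)\s+(?P<length>\d+)\s+(?P<info>.*)$"
)

def parse_summary_line(line):
    """Return a dict for one summary line, or None if it does not match."""
    m = SUMMARY_RE.match(line.rstrip("\r\n"))
    if m is None:
        return None
    event = m.groupdict()
    event["frame"] = int(event["frame"])
    event["time"] = float(event["time"])
    event["length"] = int(event["length"])
    return event

def convert(lines):
    """Split lines into (JSON event strings, lines that failed to parse)."""
    events, rejected = [], []
    for line in lines:
        if not line.strip():
            continue  # skip blank lines
        event = parse_summary_line(line)
        if event is None:
            rejected.append(line)  # keep for review instead of dropping silently
        else:
            events.append(json.dumps(event, ensure_ascii=False))
    return events, rejected

# Constructed sample lines, not taken from a real capture.
SAMPLE = [
    "    1   0.000000 192.168.1.10 → 8.8.8.8      DNS 74 Standard query 0x1a2b A example.com",
    "    2   0.031245      8.8.8.8 → 192.168.1.10 DNS 90 Standard query response 0x1a2b A 93.184.216.34",
    "    3   0.040100 192.168.1.10 -> 93.184.216.34 TCP 66 51514 > 80 [SYN] Seq=0 Win=64240 Len=0",
    "    4   1.200000 VMware_aa:bb:cc → Broadcast    ARP 42 Who has 192.168.1.1? Tell 192.168.1.10",
    "    5   1.300000 192.168.1.10",  # truncated line, should be rejected
]

if __name__ == "__main__":
    events, rejected = convert(SAMPLE)
    print("\n".join(events))
    print(f"{len(rejected)} line(s) not parsed")
```

Lines that do not match are returned separately so that a changed column layout shows up as rejects rather than as missing events.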