Wireshark mailing list archives
Re: *.pcap file?
From: hadi motamedi <motamedi24 () gmail com>
Date: Sun, 26 Aug 2012 08:26:29 +0430
On 8/25/12, Guy Harris <guy () alum mit edu> wrote:
> On Aug 25, 2012, at 2:22 AM, hadi motamedi wrote:
>
>> Thank you very much for your help. Please be informed that I collected the file on my centos server and then sftp it to my windows machine that has wireshark running on it. I need to analyze the sccp portion of this file on my windows machine. The file command on my centos machine shows it as "data".
>
> OK, so even the machine on which you captured it doesn't think it's a pcap file. This means that it really might not be a pcap file.
>
> What do the commands
>
>     uname -sr
>
> and
>
>     tcpdump -h
>
> print on the CentOS machine?
>
> If you run the command
>
>     od -bc /tmp/mss0-pps.pcap | head
>
> (or wherever the file is now) on the CentOS machine, what does it print?
> ___________________________________________________________________________
> Sent via: Wireshark-users mailing list <wireshark-users () wireshark org>
> Archives: http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
> mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Please be informed that the outputs are as follows:

# uname -sr
Linux 2.6.18-238.el5
# tcpdump -h
tcpdump version 3.9.4
libpcap version 0.9.4
Usage: tcpdump [-aAdDeflLnNOpqRStuUvxX] [-c count] [ -C file_size ]
                [ -E algo:secret ] [ -F file ] [ -i interface ] [ -M secret ]
                [ -r file ] [ -s snaplen ] [ -T type ] [ -w file ]
                [ -W filecount ] [ -y datalinktype ] [ -Z user ]
                [ expression ]
# od -bc /tmp/mss0-pps.pcap | head
0000000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000
         \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0
*
0001260 306 127 036 120 071 112 016 000 131 000 000 000 131 000 000 000
        306   W 036   P   9   J 016  \0   Y  \0  \0  \0   Y  \0  \0  \0
0001300 000 000 000 001 000 006 000 016 014 307 153 354 000 000 010 000
         \0  \0  \0 001  \0 006  \0 016  \f 307   k 354  \0  \0  \b  \0
0001320 105 000 000 111 000 000 100 000 100 021 035 175 254 022 143 001
          E  \0  \0   I  \0  \0   @  \0   @ 021 035   } 254 022   c 001
0001340 254 022 142 001 023 135 023 135 000 065 040 270 060 053 002 001
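
Added example, not part of the thread or of Wireshark's code: a Python check of the posted od bytes against the pcap and pcapng magic numbers, which also decodes the first non-zero bytes (offset 01260) as a little-endian pcap per-packet header. The helper names and the sanity bounds in plausible_record are assumptions made for this illustration; a passing heuristic does not by itself establish what the file is.

```python
import struct

# Magic numbers (as stored on disk) of pcap and pcapng files
MAGICS = {
    b"\xd4\xc3\xb2\xa1": "pcap (little-endian, microseconds)",
    b"\xa1\xb2\xc3\xd4": "pcap (big-endian, microseconds)",
    b"\x4d\x3c\xb2\xa1": "pcap (little-endian, nanoseconds)",
    b"\xa1\xb2\x3c\x4d": "pcap (big-endian, nanoseconds)",
    b"\x0a\x0d\x0d\x0a": "pcapng",
}

# Octal rows copied from the od output in the message (character rows dropped)
OD_ROWS = """\
0000000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000
*
0001260 306 127 036 120 071 112 016 000 131 000 000 000 131 000 000 000
0001300 000 000 000 001 000 006 000 016 014 307 153 354 000 000 010 000
"""

def od_to_bytes(text):
    """Rebuild bytes from `od -b` rows; '*' means the previous row repeats."""
    out, repeat = bytearray(), False
    for line in text.splitlines():
        if line.strip() == "*":
            repeat = True
            continue
        offset, *cells = line.split()
        while repeat and len(out) < int(offset, 8):
            out += out[-16:]  # fill the elided run with copies of the last row
        repeat = False
        out += bytes(int(c, 8) for c in cells)
    return bytes(out)

def identify(data):
    """Capture format named by the leading magic number, or None."""
    return MAGICS.get(bytes(data[:4]))

def first_nonzero(data):
    return next((i for i, b in enumerate(data) if b), None)

def plausible_record(data, off):
    """Heuristic (assumption): 16 bytes at off as a little-endian pcap record header."""
    sec, usec, caplen, origlen = struct.unpack_from("<IIII", data, off)
    sane = usec < 1_000_000 and 0 < caplen <= origlen <= 65535
    return (sec, usec, caplen, origlen) if sane else None

if __name__ == "__main__":
    data = od_to_bytes(OD_ROWS)
    off = first_nonzero(data)
    print(identify(data), off, plausible_record(data, off))
```

On the posted bytes, identify() finds no magic number, which is consistent with file reporting "data", while the 16 bytes at offset 01260 pass the record-header sanity check with captured and original lengths of 89 bytes.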