forked from noahdavids/packet-analysis
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="content-type" content="text/html; charset=windows-1252" />
<title>fix-pcap.sh Information</title>
</head>
<body background="concret.jpg">
<center>
<h1>fix-pcap.sh Information</h1>
<img src="bluebar.gif" width="576" height="14" alt="Blue Bar separator">
</center>
<p>
This script fixes pcap files that end in the middle of a packet. It does this by reading the file and writing a new file; the damaged packet is not written. It then renames the newly written file back to the original name.
<p>
<b><h3>Usage</h3></b>
fix-pcap.sh FILE-NAME
<br><br>
<b>FILE-NAME</b>
<br>
The file name (or path to the file). This file must be readable by tshark.
<br><br>
<b><h3>Example</h3></b>
Example 1 - First, tshark is run to show the error that tshark (or Wireshark) reports when the file is read. The "-q" argument is used so that the actual packets are not displayed. Then fix-pcap.sh is run. The first part of fix-pcap.sh runs tcpdump to read and write the file. Note that tcpdump also reports an error when it gets to the last packet. The second part of fix-pcap.sh recreates the original file. Finally, tshark is run again to show that there is no error.
<center>
<table border=5>
<tr><td align=left>
<pre>
$ tshark -r test.pcap -q
tshark: The file "test.pcap" appears to have been cut short in the middle of a packet.
$ ./fix-pcap.sh test.pcap
reading from file test.pcap, link-type EN10MB (Ethernet)
tcpdump: pcap_loop: truncated dump file; tried to read 1514 captured bytes, only got 1496
$ tshark -r test.pcap -q
</pre>
</td></tr>
</table>
Figure 1
</center>
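<p>
What "the damaged packet will not be written" means at the file-format level, as an added Python example (not the fix-pcap.sh script, which uses tcpdump): it walks the record headers of a classic pcap file and keeps only the records whose captured bytes are all present. The sample capture is constructed to match the 1514/1496-byte case in Figure 1, and the <code>.fixed</code> temporary name is hypothetical.

```python
import os
import struct

# Classic pcap magic bytes -> struct byte-order prefix (microsecond and nanosecond variants).
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",
          b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}

def drop_truncated_tail(data: bytes):
    """Return (repaired_bytes, packets_kept, bytes_dropped) for a classic pcap image."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    order = MAGICS[data[:4]]
    pos, kept = 24, 0                       # records start after the 24-byte global header
    while pos + 16 <= len(data):            # a full 16-byte record header is present
        (incl_len,) = struct.unpack_from(order + "I", data, pos + 8)
        end = pos + 16 + incl_len
        if end > len(data):                 # captured bytes run past end of file: damaged record
            break
        pos, kept = end, kept + 1
    return data[:pos], kept, len(data) - pos

def fix_pcap(path: str) -> int:
    """Rewrite path without its incomplete last record; return the number of bytes dropped."""
    with open(path, "rb") as f:
        data = f.read()
    fixed, _, dropped = drop_truncated_tail(data)
    if dropped:
        tmp = path + ".fixed"               # hypothetical temporary name
        with open(tmp, "wb") as f:
            f.write(fixed)
        os.replace(tmp, path)               # rename the new file back to the original name
    return dropped

def build_sample() -> bytes:
    """Constructed capture: two whole packets, then one cut at 1496 of 1514 bytes."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # 1 = Ethernet
    def record(n, incl_len, present):
        return struct.pack("<IIII", 1524700000 + n, 0, incl_len, incl_len) + bytes(present)
    return header + record(0, 60, 60) + record(1, 1514, 1514) + record(2, 1514, 1496)

if __name__ == "__main__":
    fixed, kept, dropped = drop_truncated_tail(build_sample())
    print(f"kept {kept} packets, dropped {dropped} trailing bytes, new size {len(fixed)}")
```

Because the repaired file replaces the original, hash or copy the capture first if it has to be preserved as evidence.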
<p>
You can find this script at <a href="https://github.com/noahdavids/packet-analysis/blob/master/fix-pcap.sh">fix-pcap.sh</a>
<br /><br />
<center><h5>
<img src="bluebar.gif" width="576" height="14" alt="Blue Bar separator">
<br />
This page was last modified on 18-04-25</h5>
</center>
<a href="mailto:[email protected]"><img src="mailbox.gif" width="32" height="32" alt="mailbox" align="left" hspace=3>
Send comments and suggestions
<br />
</a>
</body>
</html>