0

I'm trying to make traffic and capture it using pcap file. I get pcap file from CAIDA(caida.org) site. This pcap file too big and doesn't have ethernet header. So i splitted pcap file to small size(40 MB) by using editcap and attach ethernet header by using tcprewrite. I send pcap file traffic by using tcpreplay from PC1 to PC2. (PC1 & PC2 both have debian 8 linux) And when i check the received packet data from wireshark, packet count was good but length was too short. In original pcap file, there is longer than 1500 length but received packet data's longest length was about 300. I even changed MTU configuration but it didn't work.

P.S I find there is problem in CAIDA pcap file. When i capture normal network traffic and transmit it to PC2, there is no problem. So i want to ask one question. How can i make this pcap file work properly?

whitehat
  • 1
  • 1

1 Answers1

1

You cannot make .pcap file work properly, non-executale files don't work. However, you probably can make tcpdump work properly, by specifying -s 0 key and recapturing the traffic. If the file is too big, I recomment setting tcpdump filter and capturing only the traffic you are interested in.

drookie
  • 8,051
  • 1
  • 17
  • 27
  • Thanks for a comment. I know pcap file is non-executable file. Pcap file used as means of tcpreplay program. I want to make this pcap file normal state like other normal internet traffic capture pcap file. – whitehat Jan 29 '16 at 07:15
  • And i find there is no payload in CAIDA pcap file – whitehat Jan 29 '16 at 11:18