How to differentiate between three different flavours of pcap files?

1

There appears to be 3 different file formats associated with the ".pcap" extension -- libpcap /w microsecond timestamps, libpcap /w nanosecond timestamps, and pcapng.

Is there an easy way to differentiate between them that is scriptable? Either cmd, powershell, or bash is acceptable.

Chuu

Posted 2013-01-03T22:23:50.190

Reputation: 549

Which flavor of OS? Windows or Linux/Unix? – mdpc – 2013-01-03T22:26:26.527

Preferably Windows, but if it works in cygwin that's good as well. – Chuu – 2013-01-03T22:28:18.857

Answers

1

You can verify the file type of pcap files with capinfos (e.g., simply enter capinfos your_capture.pcap in the command line).

capinfos is available with the WireShark distribution.

vincent

Posted 2013-01-03T22:23:50.190

Reputation: 126

Asked: 2013-01-03T22:23:50.190

Viewed: 287 times

Active: 2013-12-10T14:53:40.650