Wireshark
the world's foremost network protocol analyzer
Wireshark-users: Re: [Wireshark-users] find local IP from cap-file
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Wed, 5 Aug 2009 01:19:34 -0700
On Aug 5, 2009, at 12:29 AM, Andrej van der Zee wrote:
I received huge cap-files that log multiple network-interfaces in both directions (outgoing and incoming traffic). Unfortunately I have no information about which IPs are bound to the sniffed network- interfaces. Is there any way to retrieve this information from the cap-files?
In a pcap file, no information is logged other than:
in the file header:
the byte order of non-packet data in the capture;
the link-layer type of the interface;
the snapshot length of the capture;
(there are fields for time zone offset and resolution, but no program
I know of fills them in);
in the per-packet header:
the time the packet arrived;
the number of bytes of captured data in the packet;
the number of bytes the packet had on the network;
the raw packet data.
No information about the interface on which traffic was captured other
than the link-layer header type is saved.
- References:
- [Wireshark-users] find local IP from cap-file
- From: Andrej van der Zee
- [Wireshark-users] find local IP from cap-file
- Prev by Date: [Wireshark-users] find local IP from cap-file
- Next by Date: Re: [Wireshark-users] find local IP from cap-file
- Previous by thread: [Wireshark-users] find local IP from cap-file
- Next by thread: Re: [Wireshark-users] find local IP from cap-file
- Index(es):