Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: Re: [Wireshark-users] pcap to Text? Strip out pcap header information -> raw hex

From: "Sheahan, John" <John.Sheahan@xxxxxxxxxxxxx>
Date: Mon, 9 Nov 2009 13:16:34 -0500

I can probably do it with perl or ruby if you want to send me the text and give me an example of what you need.

 

 

 

 

 

From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Justin Barilar
Sent: Monday, November 09, 2009 12:11 PM
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] pcap to Text? Strip out pcap header information -> raw hex dump

 

All,

I have a few pcap captures that were captured using snoop on a Linux machine. However, I'm looking to convert this pcap file to a raw dump of the bytes of the packets, hence removing all the pcap header information (global header, packet headers with timestamps).

I see there is a text2pcap function which is the opposite of what I want to do. Is there any utility to accomplish what I want to do?

Regards,

Justin