Wireshark-users: Re: [Wireshark-users] *.pcap file?

From: hadi motamedi <motamedi24@xxxxxxxxx>
Date: Sun, 26 Aug 2012 08:26:29 +0430
On 8/25/12, Guy Harris <guy@xxxxxxxxxxxx> wrote:
>
> On Aug 25, 2012, at 2:22 AM, hadi motamedi wrote:
>
>> Thank you very much for your help. Please be informed that I collected
>> the file on my centos server and then sftp it to my windows machine
>> that has wireshark running on it. I need to analyze the sccp portion
>> of this file on my windows machine. The file command on my centos
>> machine shows it as "data".
>
> OK, so even the machine on which you captured it doesn't think it's a pcap
> file.  This means that it really might not be a pcap file.
>
> What do the commands
>
> 	uname -sr
>
> and
>
> 	tcpdump -h
>
> print on the CentOS machine?
>
> If you run the command
>
> 	od -bc /tmp/mss0-pps.pcap | head
>
> (or wherever the file is now) on the CentOS machine, what does it print?
>
Please be informed that the outputs are as follows:
# uname -sr
Linux 2.6.18-238.el5
# tcpdump -h
tcpdump version 3.9.4
libpcap version 0.9.4
Usage: tcpdump [-aAdDeflLnNOpqRStuUvxX] [-c count] [ -C file_size ]
[ -E algo:secret ] [ -F file ] [ -i interface ] [ -M secret ]
[ -r file ] [ -s snaplen ] [ -T type ] [ -w file ]
[ -W filecount ] [ -y datalinktype ] [ -Z user ]
[ expression ]
# od -bc /tmp/mss0-pps.pcap | head
0000000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000
\0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0
*
0001260 306 127 036 120 071 112 016 000 131 000 000 000 131 000 000 000
306   W 036   P   9   J 016  \0   Y  \0  \0  \0   Y  \0  \0  \0
0001300 000 000 000 001 000 006 000 016 014 307 153 354 000 000 010 000
\0  \0  \0 001  \0 006  \0 016  \f 307   k 354  \0  \0  \b  \0
0001320 105 000 000 111 000 000 100 000 100 021 035 175 254 022 143 001
E  \0  \0   I  \0  \0   @  \0   @ 021 035   } 254 022   c 001
0001340 254 022 142 001 023 135 023 135 000 065 040 270 060 053 002 001
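The od dump above shows the file opening with a long run of zero bytes where a pcap magic number should be, followed at offset 0001260 (octal) by 16 bytes that parse as a sane pcap record header. As an added example (not code from either poster), here is a small Python checker that reports whether a file carries a pcap global header and, when it does not, scans for offsets that look like record headers; the sample bytes are transcribed from the dump above and zero-padded, and reading the record payload as a Linux cooked-capture (SLL) frame over IPv4 is this example's assumption, not something the thread states.

```python
import struct

# pcap magic numbers -> (struct byte-order prefix, timestamp resolution)
PCAP_MAGICS = {b"\xd4\xc3\xb2\xa1": ("<", "usec"), b"\xa1\xb2\xc3\xd4": (">", "usec"),
               b"\x4d\x3c\xb2\xa1": ("<", "nsec"), b"\xa1\xb2\x3c\x4d": (">", "nsec")}

def pcap_header_kind(data):
    """(byte order, resolution) if the file starts with a pcap magic number, else None."""
    return PCAP_MAGICS.get(bytes(data[:4]))

def record_at(data, off, endian="<", ts_min=946684800, ts_max=1893456000, snap_max=262144):
    """Parse the 16-byte record header at `off` as (ts_sec, ts_frac, incl_len, orig_len);
    None unless the timestamp is sane (defaults 2000..2030), 0 < incl <= orig <= snap_max
    and the declared packet bytes actually fit in the file."""
    if off + 16 > len(data):
        return None
    ts_sec, ts_frac, incl, orig = struct.unpack(endian + "IIII", data[off:off + 16])
    if not (ts_min <= ts_sec <= ts_max and ts_frac < 1_000_000_000):
        return None
    if not (0 < incl <= orig <= snap_max) or off + 16 + incl > len(data):
        return None
    return ts_sec, ts_frac, incl, orig

def find_records(data, endian="<"):
    """Offsets of plausible record headers whose following record is also plausible (or
    the file ends there). For a capture whose 24-byte global header is zeroed, so that
    `file` only reports "data", this locates where the packet records begin."""
    hits = []
    for off in range(len(data) - 15):
        rec = record_at(data, off, endian)
        nxt = off + 16 + rec[2] if rec else None
        if rec and (nxt == len(data) or record_at(data, nxt, endian)):
            hits.append(off)
    return hits

def sll_ipv4_consistent(payload):
    """Assumed framing for this sample: 16-byte Linux cooked (SLL) header with protocol
    0x0800, then IPv4. True if 16 + IPv4 total length equals the captured length."""
    if len(payload) < 20 or payload[14:16] != b"\x08\x00" or payload[16] >> 4 != 4:
        return False
    return 16 + struct.unpack(">H", payload[18:20])[0] == len(payload)

# Constructed sample: 688 (0o1260) zero bytes as in the od dump, then the record header and
# 48 packet bytes transcribed from the dump, zero-padded (constructed) to the declared 89.
SAMPLE = (b"\x00" * 0o1260
          + bytes.fromhex("c6571e50394a0e005900000059000000")
          + bytes.fromhex("000000010006000e0cc76bec00000800")
          + bytes.fromhex("450000490000400040111d7dac126301")
          + bytes.fromhex("ac126201135d135d003520b8302b0201")
          + b"\x00" * 41)
```

On the sample, `pcap_header_kind` returns None (no magic number), `find_records` returns [688], and the record there decodes to a timestamp in August 2012 with incl_len == orig_len == 89, which the IPv4 total length in the payload agrees with.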