Analyze Network Packet

Mergecap and Tshark: Merge Packet Dumps and Analyze Network Traffic

by Ramesh Natarajan on March 23, 2009

Network Switch with Ethernet Cables
Photo courtesy of Michael_P

This article is written by Balakrishnan M
 
A while back we reviewed 11 examples on how to use editcap utility to capture network dumps. In this article, let us review mergecap utility and tshark commands.
 
Mergecap is a packet dump combining tool, which will combine multiple dumps into a single dump file. Based on timestamp, the packets are written into the output file in an orderly manner. By default the output file is written in the libpcap format. However using mergecap options, we can generate output in various different format including those that are supported by wireshark tool.
(more…)

{ 2 comments }

Editcap Guide: 11 Examples To Handle Network Packet Dumps Effectively

by Ramesh Natarajan on February 26, 2009

Network Switch with Ethernet Cables
Photo courtesy of Michael_P

This article is written by Balakrishnan M
 
Editcap utility is used to select or remove specific packets from dump file and translate them into a given format. Editcap does not perform packet captures like ethereal. Instead, it operates on the captured packets and writes some of the required packets into another file. We can pass various options to editcap to get our preferred packets.

In this article, let us review 11 practical examples on how-to use editcap to handle the packet dumps effectively.
(more…)

{ 3 comments }