So without the -P hack you are basically stuck, and cannot see interface information in Wireshark with pcap captures generated by cppcap/tcpdump. pcapng (which is still experimental) will address this by including interface name information right in the capture file. Using the hacked-in -P option embedded the interface name into the pcap file in what I assume is an unsupported way, as seen in your screenshot.

If a pcap file created by tcpdump/cppcap is replayed on a different system or viewed in Wireshark, the interface name information is not supported by the pcap format at all, and is simply not available. If doing a live capture or a replay with version 4.9.9, tcpdump can only display the interface information because it is looking at the live interface configuration of the system it is running on, and can calculate the interface name for display. You can't see the interface name in Wireshark because it is not embedded in the pcap file in the first place.

I need something like this (captured with "tcpdump -Penni any" on R80.20)

Any ideas to get interfaces in text output with tcpdump and also in capture file (for wireshark) back?

With cppcap you can get it in text output but not in capture/wireshark.

I used "-Q inout" but I didn't get the interfaces.
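To illustrate the pcapng point made in the thread, here is an added example (not code from the thread or from tcpdump/cppcap) that reads the `if_name` option of each pcapng Interface Description Block and maps every packet to its interface. It assumes little-endian sections; `build_sample` is a hypothetical helper that constructs a small in-memory capture, and the names `eth0` and `bond1.100` are constructed sample values.

```python
import struct

SHB, IDB, EPB = 0x0A0D0D0A, 0x00000001, 0x00000006  # pcapng block types
OPT_END, IF_NAME = 0, 2                              # IDB option codes
def _pad(b):
    return b + b"\x00" * (-len(b) % 4)               # values are padded to 32 bits
def _block(btype, body):
    total = 12 + len(body)                           # type + length + body + length
    return struct.pack("<II", btype, total) + body + struct.pack("<I", total)

def build_sample(names):
    """Constructed capture: one SHB, one IDB per name, one packet per interface."""
    out = _block(SHB, struct.pack("<IHHq", 0x1A2B3C4D, 1, 0, -1))
    for n in names:
        opt = struct.pack("<HH", IF_NAME, len(n)) + _pad(n.encode()) + struct.pack("<HH", OPT_END, 0)
        out += _block(IDB, struct.pack("<HHI", 1, 0, 65535) + opt)  # linktype 1 = Ethernet
    for idx in range(len(names)):
        # interface id, timestamp hi/lo, captured len, original len, 14-byte dummy frame (padded)
        out += _block(EPB, struct.pack("<IIIII", idx, 0, 0, 14, 14) + bytes(16))
    return out

def _if_name(opts):
    """Walk the IDB option list and return the if_name value, if present."""
    pos = 0
    while pos + 4 <= len(opts):
        code, length = struct.unpack_from("<HH", opts, pos)
        if code == OPT_END:
            break
        if code == IF_NAME:
            return opts[pos + 4: pos + 4 + length].decode("utf-8", "replace")
        pos += 4 + length + (-length % 4)
    return None

def packet_interfaces(data):
    """Return the interface name recorded for each packet in a pcapng byte string."""
    names, per_packet, off = [], [], 0
    while off + 12 <= len(data):
        btype, total = struct.unpack_from("<II", data, off)
        if total < 12 or total % 4 or off + total > len(data):
            raise ValueError("corrupt or truncated block at offset %d" % off)
        body = data[off + 8: off + total - 4]
        if btype == SHB:
            names = []                               # interface IDs restart per section
        elif btype == IDB:
            names.append(_if_name(body[8:]))         # skip linktype/reserved/snaplen
        elif btype == EPB:
            iface = struct.unpack_from("<I", body)[0]
            per_packet.append(names[iface] if iface < len(names) else None)
        off += total
    return per_packet
```

A classic pcap file has no counterpart to the Interface Description Block: its 24-byte global header carries a single link type, and each packet record holds only timestamps and lengths.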