Amit Agarwal Linux Blog

Split pcap to multiple files based on number of packets

2019-06-03 1 min read Bash Learning Linux

Here is a script that can use tshark to split a large pcap to multiple small pcaps

 

inpcap="test.pcap"

max=$(tshark  -r $inpcap -n -T fields -e frame.number|tail -1)

# This is the number of packets in each split pcap
c=1

# Save all new pcaps to out, if it does not exist, create it.
[[ ! -d out ]] && mkdir out

for i in $(seq 1 $max $c)
do
        tshark  -r $inpcap  -n -c $c "frame.number==$i" -w out/$i.pcap
        #Do other stuff, if required
        read -p "Send the next packet? "
done

A very simple 3-4 line script that has saved my day so may times.

Continue reading
Bash Script Capture Pcap Tshark Wireshark

scapy packet dump to packet

2017-04-10 1 min read Learning

First you need to have scapy installed. And if you don’t know about scapy, then

Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery (it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, p0f, etc.). It also performs very well at a lot of other specific tasks that most other tools can’t handle, like sending invalid frames, injecting your own 802.11 frames, combining technics (VLAN hopping+ARP cache poisoning, VOIP decoding on WEP encrypted channel, …), etc

Continue reading
Capture Python Python-Module Scapy Sniffer
© 2018 - 2025 by Amit Agarwal - rss
Bilberry Hugo Theme