Hi ppl =)

I have the following file: test_network.pcap: tcpdump capture file (little-endian) - version 2.4 (Ethernet, capture length 65535)
I know that there are a few video streams in this file and I need to extract them. How can I do this?
The biggest problem is that the size of the file is ~180 GB ))

A: 

You can check the following link to understand the pcap specification: PCAP specification

This website could be useful for you: tcpdump.org

Also you can use the C++ library: libpcap++

isola009
+1  A: 
  1. Use a Pcap library (libpcap, WinPcap, Pcap.Net)
  2. Extract the TCP over IP over Ethernet.
  3. Reconstruct the TCP stream (see http://stackoverflow.com/questions/2916612/reconstructing-data-from-pcap-sniff).
  4. Save the TCP stream data to a file.

Try some Pcap TCP reconstruction tools:

http://www.codeproject.com/KB/IP/TcpRecon.aspx

http://code.google.com/p/pcap-reconst/

brickner
So, I used `tshark` to see how many streams are in that pcap file and the addresses of src/dst. Next, I used `tshark` to capture packets only for a specific src/dst address and write them to another pcap file. Finally, I wrote a program using `libpcap` to extract the payload of every packet and write it to `some.mpg`. Now I need to check this `mpg` file to be sure that it is not corrupted. But I don't know how to do this.
dscTobi
If you only extract the payload this may not be enough. You need to reconstruct the data according to the sequence numbers. If you check the TCP sequence numbers and other parameters this should be a valid file (as if you've downloaded it using TCP). I don't know how to validate an mpg file, but I'm sure there is a lot of software that does that. Any MPG player can let you know...
brickner
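The sequence-number reassembly described in the last comment, as an added example that is not part of the original thread: it reads a classic little-endian Ethernet pcap one record at a time (so file size does not matter), keeps one direction of one TCP flow, and writes the payload in sequence order, discarding retransmitted bytes and surviving 32-bit sequence wraparound. The addresses, ports and capture bytes are constructed; it assumes unfragmented IPv4, that the capture contains the start of the stream, and that no segment is missing (a missing one would leave later data waiting in `pending`).

```python
import io, socket, struct

MASK = 0xFFFFFFFF  # TCP sequence numbers are 32-bit and wrap

def tcp_segments(fh, src, dst):
    """Stream (seq, is_syn, payload) for src -> dst, each an (ip, port) pair."""
    if struct.unpack("<I", fh.read(24)[:4])[0] != 0xA1B2C3D4:
        raise ValueError("expected a little-endian pcap global header")
    addr = socket.inet_aton(src[0]) + socket.inet_aton(dst[0])
    ports = struct.pack("!HH", src[1], dst[1])
    while len(rec := fh.read(16)) == 16:               # per-packet record header
        frame = fh.read(struct.unpack("<4I", rec)[2])  # incl_len captured bytes
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                                   # not Ethernet/IPv4/TCP
        ip_end = 14 + struct.unpack("!H", frame[16:18])[0]  # excludes Ethernet padding
        tcp = frame[14 + (frame[14] & 0x0F) * 4:ip_end]
        if len(tcp) >= 20 and frame[26:34] == addr and tcp[:4] == ports:
            yield struct.unpack("!I", tcp[4:8])[0], bool(tcp[13] & 2), tcp[(tcp[12] >> 4) * 4:]

def reassemble(segments, out):
    """Write payload to out in sequence-number order; return bytes written."""
    expected, pending, written = None, {}, 0
    for seq, syn, data in segments:
        seq = (seq + syn) & MASK          # a SYN consumes one sequence number
        if expected is None:
            expected = seq                # assumption: first segment seen starts the stream
        if len(data) > len(pending.get(seq, b"")):
            pending[seq] = data
        # A pending segment is usable once it starts at or before the expected byte.
        # The subtraction is modular, so sequence wraparound is handled.
        while (s := next((k for k in pending if (expected - k) & MASK < 2**31), None)) is not None:
            chunk = pending.pop(s)[(expected - s) & MASK:]  # skip bytes already written
            out.write(chunk)
            expected = (expected + len(chunk)) & MASK
            written += len(chunk)
    return written

def demo():
    """Constructed capture: ISN near 2**32, reordering, an overlapping retransmission."""
    cap = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    ip_tail = bytes([64, 6, 0, 0]) + socket.inet_aton("10.0.0.1") + socket.inet_aton("10.0.0.2")
    samples = [(0xFFFFFFFC, 0x02, b""), (2, 0x18, b"fghij"), (0xFFFFFFFD, 0x18, b"abcde"),
               (0, 0x18, b"defgh"), (7, 0x18, b"klm")]
    for seq, flags, data in samples:
        tcp = struct.pack("!HHIIBBHHH", 5000, 6000, seq, 0, 0x50, flags, 8192, 0, 0) + data
        ip = struct.pack("!BBHHH", 0x45, 0, 20 + len(tcp), 0, 0) + ip_tail
        frame = bytes(12) + b"\x08\x00" + ip + tcp
        cap += struct.pack("<4I", 0, 0, len(frame), len(frame)) + frame
    out = io.BytesIO()
    n = reassemble(tcp_segments(io.BytesIO(cap), ("10.0.0.1", 5000), ("10.0.0.2", 6000)), out)
    return n, out.getvalue()
```

Appending payloads in capture order would have produced `fghijabcdedefghklm` for the same packets, which is the kind of corruption the comment warns about.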