Can you be more specific? The pcapng format is described e.g here, but if you are interested in access to more than timestamps and raw packet bytes, you should use tshark which dissects the packets like Wireshark does.
Tshark is part of the Wireshark installer that can be downloaded here. During the installation, you can choose to install tshark (actvated by default) and once completed, you will find it in your installation folder.
permanent link
answered 10 May '17, 00:18
Pascal%20Quantin's gravatar image
Pascal Quantin
5.5kâ10â60
accept rate: 30%
Note that the Wireshark installer does NOT add the Wireshark binary directory to the path.
What are you trying to convert the .pcapng file to? If you're only looking to convert it to a .pcap file, you can do that easily with editcap. For example:
editcap -F pcap infile.pcapng outfile.pcap
Is there some other use case that you have where the tools available with Wireshark don't meet your needs?
Please start posting anonymously - your entry will be published after you log in or create a new account.
This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.
Comments
Can you be more specific? The pcapng format is described e.g here, but if you are interested in access to more than timestamps and raw packet bytes, you should use
tshark
which dissects the packets like Wireshark does.what download link for tshark for win32 ?
BTW https://pcapng.github.io/pcapng/#rfc.... PCAP Next Generation (pcapng) Capture File Format
this draft expired on March 6, 2016
"Network Working Group
Intended status: Informational
Expires: March 6, 2016
Take a look here for the spec. And here you'll find the download
thank you for the link to the latest internet draft of the PCAP Next Generation (pcapng) Capture File Format
I meant tshark vs. Wireshark download link https://www.wireshark.org/docs/man-pa... as you said: "tshark which dissects the packets like Wireshark does
from https://www.wireshark.org/docs/man-pa... "TShark is part of the Wireshark distribution
from https://osqa-ask.wireshark.org/questi...
TShark for Windows "
Tshark is part of the Wireshark installer that can be downloaded here. During the installation, you can choose to install tshark (actvated by default) and once completed, you will find it in your installation folder. permanent link
answered 10 May '17, 00:18 Pascal%20Quantin's gravatar image
Pascal Quantin 5.5kâ10â60 accept rate: 30%
Note that the Wireshark installer does NOT add the Wireshark binary directory to the path.
To use tshark.exe you can:
(more)What are you trying to convert the .pcapng file to? If you're only looking to convert it to a .pcap file, you can do that easily with
editcap
. For example:Is there some other use case that you have where the tools available with Wireshark don't meet your needs?