Recovering corrupt packet captures

Hi,

as I've been porting to Python and publishing my earlier work related to recovering IPv4 packets from binary files, I started wondering about the subject of recovering corrupt packet capture files. Not just the last packet captured in the file truncated, but conditions when Wireshark hits a format error and stops processing the capture file well before its end. Any interest from the community? In my own experience I had a few critical problems where the capture file was corrupt and no backup copies were available, so I wrote a couple utilities for recovering the files. Still, maybe it was just my luck?

The example with my script for recovering IPv4 is at https://www.linkedin.com/pulse/detecting-ipv4-packets-dumps-vadim-zakharine/

TIA
Vadim
