Tool 19: Extract a range of packets from a record
Description:
A record is a capture file. It contains several packets captured
during a sniff. It can also be created by hand. There are 7 formats
for records: pcap (tcpdump compatible), bin (binary, unreadable by
humans but fast) and mixed/mixed_wrap/dump/hexa/hexa_wrap (easy to
read and edit). A record also has an associated DLT (Data Link Type),
indicating at which level a packet start: raw (start at IP header) and
ether (start at Ethernet header) are the 2 most common DLT. Tool 13
displays DLT of each device.
This tool extracts a range of packets from one record, and save them
in another record. For example, it can extract packet number 2 to
number 5.
Parameter --src-file indicates the input record filename.
Parameter --dst-file indicates the output record filename.
Parameter --recordencode defines how to encode data in this record
(suggested values: bin, pcap and mixed_wrap).
Synonyms:
capture
Usage:
netwox 19 -f file -F file [-r recordencode] [-s uint32] [-e uint32]
Parameters:
| parameter |
description |
example |
| -f|--src-file file |
input record file |
srcfile.txt |
| -F|--dst-file file |
output record file |
dstfile.txt |
| -r|--recordencode recordencode |
encoding type for output record |
bin |
| -s|--start uint32 |
start packet (from 1) |
0 |
| -e|--end uint32 |
end packet (0=nolimit) |
0 |
Examples:
netwox 19 -f "srcfile.txt" -F "dstfile.txt"
netwox 19 --src-file "srcfile.txt" --dst-file "dstfile.txt"