Porting pcap Data to Another Application
When you user the pcap query utility to extract pcap data, the utility creates a libpcap-compliant pcap file in the current working directory.
[root@ip-10-0-0-53 0.3.0]# ls -l total 72 drwxr-xr-x. 2 livy games 4096 Nov 22 22:36 bin drwxr-xr-x. 3 livy games 4096 Nov 23 17:10 config drwxr-xr-x. 2 livy games 4096 Sep 29 17:44 ddl drwxr-xr-x. 6 livy games 4096 Aug 22 14:54 flux drwxr-xr-x. 2 root root 4096 Nov 23 17:07 lib drwxr-xr-x. 2 livy games 4096 Nov 22 22:36 patterns -rw-r--r--. 1 root root 48506 Nov 23 18:06 pcap-data-20161123180607184+0000.pcap [root@ip-10-0-0-53 0.3.0]# file pcap-data-20161123180607184+0000.pcap pcap-data-20161123180607184+0000.pcap: tcpdump capture file (little-endian) - version 2.4 (Ethernet, capture length 65535)
You can open the libpcap-compliant pcap file with any third-party tool that supports the
file type. For example, you can load Wireshark and choose File > Open
.
Wireshark will load the pcap file.
The content of the file will be similar to the following: