Wireshark · Wireshark-users: Re: [Wireshark-users] find local IP from cap-file

Wireshark-users: Re: [Wireshark-users] find local IP from cap-file

From: Stephen Fisher <steve@xxxxxxxxxxxxxxxxxx>

Date: Thu, 6 Aug 2009 13:52:16 -0600


On Aug 5, 2009, at 1:29 AM, Andrej van der Zee wrote:

I received huge cap-files that log multiple network-interfaces inboth directions (outgoing and incoming traffic). Unfortunately Ihave no information about which IPs are bound to the sniffed network-interfaces. Is there any way to retrieve this information from thecap-files? I know I can convert it to text and look at the IPs, butstill I cannot say which local IP I was actually sniffing becausenetwork traffic is logged in both directions.

As others have explained, the libpcap format that Wireshark uses bydefault does not save interface IP addresses in the file.

We have started experimental work with implementing PcapNG file formatsupport, which can save the IP addresses of the interfaces in thecapture file. However, I don't think we have implemented that part ofPcapNG in Wireshark yet.



Steve

References:
- [Wireshark-users] find local IP from cap-file
  - From: Andrej van der Zee

Prev by Date: [Wireshark-users] "Response/Request in frame" link in my decoded packets -- gone missing
Next by Date: Re: [Wireshark-users] How do I change the default capture filter?
Previous by thread: Re: [Wireshark-users] find local IP from cap-file
Next by thread: Re: [Wireshark-users] find local IP from cap-file
Index(es):
- Date
- Thread