Tags: c, extract, pcap, tcpdump

How to restore data from a pcap file?


I have the following file: test_network.pcap: tcpdump capture file (little-endian) - version 2.4 (Ethernet, capture length 65535)
I know that there are a few video streams in this file. How do I extract them?

[The file is ~180 GB]


Solution

1. Use a Pcap library (libpcap, WinPcap, Pcap.Net)
2. Extract the TCP over IP over Ethernet.
3. Reconstruct the TCP stream (see Reconstructing data from PCAP sniff).
4. Save the TCP stream data to a file.

Try some Pcap TCP reconstruction tools:

http://www.codeproject.com/KB/IP/TcpRecon.aspx

http://code.google.com/p/pcap-reconst/
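
The four steps above as an added example (not code from the answer or from the linked tools). It parses the little-endian, Ethernet pcap format named in the question directly with Python's standard library instead of a Pcap library, and reassembles each TCP direction by sequence number. The names `tcp_streams`, `frame`, `make_pcap` and `sample_pcap`, and the addresses, ports and payloads in the sample capture, are constructed for illustration.

```python
import io, struct
from collections import defaultdict

def tcp_streams(fp):
    """Steps 1-3: read a little-endian Ethernet pcap, return {flow: reassembled bytes}."""
    magic, *_, linktype = struct.unpack("<IHHiIII", fp.read(24))
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected little-endian pcap with Ethernet link type")
    segs = defaultdict(dict)                      # flow -> {seq: payload}
    while len(hdr := fp.read(16)) == 16:          # one record at a time, never the whole file
        pkt = fp.read(struct.unpack("<IIII", hdr)[2])   # incl_len bytes of captured frame
        if len(pkt) < 54 or pkt[12:14] != b"\x08\x00" or pkt[14] >> 4 != 4 or pkt[23] != 6:
            continue                              # keep only IPv4/TCP (VLAN, IPv6 skipped)
        if struct.unpack("!H", pkt[20:22])[0] & 0x3FFF:
            continue                              # IP fragments are not handled here
        ihl, total = (pkt[14] & 0x0F) * 4, struct.unpack("!H", pkt[16:18])[0]
        tcp = pkt[14 + ihl:14 + total]            # total length trims Ethernet padding
        if len(tcp) < 20:
            continue
        sport, dport, seq = struct.unpack("!HHI", tcp[:8])
        payload = tcp[(tcp[12] >> 4) * 4:]        # skip TCP header and options
        if payload:                               # first copy wins on retransmission
            segs[(pkt[26:30], sport, pkt[30:34], dport)].setdefault(seq, payload)
    out = {}
    for flow, by_seq in segs.items():
        base = next(iter(by_seq))                 # first sequence number seen
        rel = lambda s: ((s - base + 2**31) % 2**32) - 2**31   # wrap-safe offset
        data, nxt = bytearray(), None
        for seq in sorted(by_seq, key=rel):
            off = rel(seq)
            nxt = off if nxt is None else nxt
            data += by_seq[seq][max(0, nxt - off):]   # drop bytes already written
            nxt = max(nxt, off + len(by_seq[seq]))    # a gap (lost segment) is not padded
        out[flow] = bytes(data)
    return out

def frame(seq, payload, sport=1234, dport=80):    # constructed frame, checksums left zero
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return b"\0" * 12 + b"\x08\x00" + ip + tcp

def make_pcap(frames):
    body = b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + body

def sample_pcap():                                # out-of-order segments plus a retransmission
    return make_pcap([frame(1005, b"WORLD"), frame(1000, b"HELLO"), frame(1000, b"HELLO")])
```

For step 4, write each value of `tcp_streams(open("test_network.pcap", "rb"))` to its own file. At 180 GB the per-flow segments should be spilled to disk as they are read rather than held in the `segs` dictionary.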