What I did:
1. Got a Wireshark capture of web traffic.
2. Edited the capture file to remove one GET request (removed that line using editcap).
3. Saved the edited file (from step 2).
4. Did a tcpreplay of this file.
When I do this, I get an error: Fatal Error: Error opening pcap file: bad dump file format.
Any inputs on what could be wrong? Am I doing something wrong in the way I have edited my wireshark pcap file?
thanks,
Andy
The default editcap capture file output type is pcapng.
A quick look at the tcpreplay docs shows mentions only of libpcap format (and not pcapng).
So: Maybe the solution is to specify the '-F pcap' option to editcap to specify the capture file output format as libpcap format.
Update:
From the tcpreplay FAQ:
"Does Tcpreplay support Pcap-Ng/NTAR files?
Yes. The Tcpreplay suite uses libpcap for reading & writing pcap files. If you have libpcap 1.1.0 or higher, then tcpreplay, tcprewrite, etc can read pcap-ng files. If you have an older version of libpcap, you should upgrade to the latest version as earlier versions of libpcap have bugs with pcap-ng files."
So: (assuming that you're using a version of libpcap >= 1.1.0) I'm not sure what the problem is. You might still want to try specifying pcap output format to see if that makes a difference.
Also: Are you able to read the original capture file (before editing) with tcpreplay? What is the format of the original file? (Use 'capinfos filename' to determine the file type.)
I would like to get the type of a file without using the extension. Is there a way to use the metadata of a file to distinguish if it is a video file or if it isn't?
I have tried using extensions but I find searching each file extension and comparing it with a list of extensions is quite time consuming.
Yes, it is possible to determine file type without using the file extension. You can do this by reading the file header, also sometimes referred to as the file signature, which occupies the first few bytes of the file.
How many bytes does the file header/signature occupy? This varies from file type to file type. So you should check the internet for more detailed information about the file header/signature for the specific file type you want to identify.
You can find a list of some of the more popular signatures here: List of file signatures - Wikipedia
PS: Most programs stopped relying only on file signatures for determining file type way back when the first Windows came out. The main reason for this was the fact that since in the beginning file extensions were limited to three characters in length (a limit of old file systems like the old FAT8 or FAT16), the world quickly ran out of possible file extensions, so multiple programs began to use the same file extensions but used completely different file types. So by storing the file header/signature at the beginning of the file you would no longer be limited by this file system limitation.
Given a certain HDF5 file (HDF5 format), how can I know the version of the file format that has been used for its creation?
Context. The documentation says that when you create/write a file with the library, the following applies for backward compatibility:
An HDF5 Library of any given release is designed to read all existing
HDF5 files from that or any prior release. Although major versions
sometimes contain features that require additions and/or changes to
the HDF5 file format, the library will by default write out files that
conform to a maximum compatibility principle. That is, files are
written with the earliest version of the file format that describes
the information, rather than always using the latest version possible.
This provides the best forward compatibility by allowing the maximum
number of older versions of the library to read new files.
I have tried tools like h5stat but it does not output the info that I want.
Thank you.
Here is an answer in the last question https://ftp.hdfgroup.org/hdf5-quest.html#h5dumpvers
Q: Can you add an option to h5dump or h5ls to print the version of a file ?
A: No, we do not plan on adding this option. Users should use attributes to specify the version of a file. There are many reasons why we shouldn't add this. For example, different objects in the file could be created or modified by different versions of the library.
Is there a way to figure out what version of Xilinx was used to generate a bitfile just by looking in the bitfile? I've opened the bitfile in a hex editor, and only see the project name, date, and fpga model. See below.
Thanks!
Impossible, though this is not official: http://home.earthlink.net/~davesullins/software/bitinfo.html Its README contains the following chunk:
Bitinfo is a simple utility that parses the header of a Xilinx bit file
and outputs all the information that can be obtained from that header.
This information includes the Xilinx FPGA the bit file was created for,
the NCD file the bit file was created from, the creation date and time,
and the bitstream length.
I guess you have to fall back on a wild guess based on date/time. Good luck.
Okay, this is not a core programming question; it is more of a question regarding the cgns (CFD general notational system) API.
I've exported a grid/mesh file from ANSYS Fluent (which was first created in Gambit 2.46), and I wrote a very simple Fortran program to open and close it (doing nothing else). To check the file is not corrupt I plotted it in Tecplot.
So, when I compiled using gfortran with the mentioned cgns and ran the program I got this error (as part of cg_error_exit_f())
ADF_Database_Open:File does not exist or is not a HDF5 file
Here is the program
program cavity
  include "/usr/include/cgnslib_f.h"
  call cg_open_f("Cavity.cgns",CG_MODE_READ,index_file,ier)
  ! check for error; if so, exit
  if (ier .ne. CG_OK) then
    call cg_error_exit_f()
  end if
  write(*,*)"I kind of opened the file?"
  call cg_close_f(index_file,ier)
  stop
end program cavity
I'm able to write both structured and unstructured grids in cgns format, without any problem.
I suspect the cgns library I'm using (version 2.5.5 packaged in Fedora 15 and Scientific Linux 6.1) is built to support only HDF5, while the exported grid file is written in ADF format.
Any ideas to circumvent this or perhaps adding ADF? Which by the way is not packaged in both the distributions. Any other grid generator which is compatible with cgns version 2.5.5?
I hope I was clear. Any further info required, I would provide.
There is so much that could've gone wrong in here, and I'm afraid you didn't exactly narrow the problem down.
You said you exported a file from Fluent (what kind of a file is it? Be sure!). cg_error_exit_f() gave you the error listed. I'm assuming you have the source of the mentioned routines? In the program you include a cgnslib_f.h file - what's in it? I'm assuming the program compiled without errors of any kind, making this a file format question, not a Fortran question.
Again, verify what kind of file Fluent produced.
When I ran into this situation, I discovered the following tools:
hdf2adf
adf2hdf
They are in the cgns-convert package on Ubuntu and are probably available for your distribution as well.
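An added example (not from any of the posts above) that serves both the HDF5 version question and the CGNS "is not a HDF5 file" error: it checks which container a file uses and reads the HDF5 superblock version byte. That byte is the version of the superblock structure only, not the library release. The ADF prefix string, the function names and the sample bytes are assumptions made for illustration.

```python
HDF5_SIGNATURE = b"\x89HDF\r\n\x1a\n"       # 8-byte signature that opens the HDF5 superblock
ADF_PREFIX = b"@(#)ADF Database Version"   # assumed ADF header string, not taken from the page


def find_hdf5_superblock(data):
    """Return (offset, superblock_version) or None.

    The superblock may follow a user block, so the signature is searched
    at offsets 0, 512, 1024, 2048, ... as the HDF5 format specification allows.
    """
    offset = 0
    while offset + 9 <= len(data):
        if data[offset:offset + 8] == HDF5_SIGNATURE:
            return offset, data[offset + 8]   # version byte follows the signature
        offset = 512 if offset == 0 else offset * 2
    return None


def classify_container(data):
    """Name the container a CGNS (or any) file uses: 'HDF5', 'ADF' or 'unknown'."""
    if find_hdf5_superblock(data) is not None:
        return "HDF5"
    if data.startswith(ADF_PREFIX):
        return "ADF"
    return "unknown"


# Constructed samples, not real files.
SAMPLE_HDF5 = HDF5_SIGNATURE + bytes([0]) + b"\x00" * 64
SAMPLE_HDF5_USERBLOCK = b"#!user block".ljust(512, b"\x00") + HDF5_SIGNATURE + bytes([2])
SAMPLE_ADF = ADF_PREFIX + b" X00000>" + b"\x00" * 64

if __name__ == "__main__":
    for name, blob in [("hdf5", SAMPLE_HDF5), ("hdf5+userblock", SAMPLE_HDF5_USERBLOCK),
                       ("adf", SAMPLE_ADF), ("text", b"plain text")]:
        print(name, classify_container(blob), find_hdf5_superblock(blob))
```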
We are capturing packets to a file using tcpdump(). I need to write a program to parse it, does anyone know where I could find a file layout for a dump file created by this tool?
tcpdump uses libpcap; there are docs describing the libpcap file format which should give you what you need.
The easiest way to parse the file is to read it with libpcap; libpcap can be used directly from C and C++, and there are wrappers for a number of other languages. That way you don't have to know what the file layout is (and you will also be able to read at least some pcap-ng files if your program is using libpcap 1.1 or later).
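An added example (not from the answers above) for the case where you want to inspect the file without libpcap: it tells classic pcap from pcapng by the leading magic number, which is the distinction behind the tcpreplay "bad dump file format" thread earlier on this page, then decodes the pcap global header and walks the record headers with bounds checks. Function names and sample bytes are constructed for illustration.

```python
import struct

# Magic numbers as given in the libpcap and pcapng format documentation.
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", "microsecond"),
    b"\xa1\xb2\xc3\xd4": (">", "microsecond"),
    b"\x4d\x3c\xb2\xa1": ("<", "nanosecond"),
    b"\xa1\xb2\x3c\x4d": (">", "nanosecond"),
}
PCAPNG_SHB = b"\x0a\x0d\x0d\x0a"  # Section Header Block type, same in both byte orders


def identify_capture(data):
    """Classify a capture by its first bytes and decode the 24-byte pcap global header."""
    magic = data[:4]
    if magic == PCAPNG_SHB:
        return {"format": "pcapng"}
    if magic not in PCAP_MAGICS:
        return {"format": "unknown"}
    if len(data) < 24:
        raise ValueError("truncated pcap global header")
    endian, resolution = PCAP_MAGICS[magic]
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack_from(
        endian + "HHiIII", data, 4)
    return {"format": "pcap", "endian": endian, "resolution": resolution,
            "version": (major, minor), "snaplen": snaplen, "linktype": linktype}


def count_records(data, endian):
    """Walk the 16-byte record headers, refusing lengths that overrun the file."""
    offset, count = 24, 0
    while offset < len(data):
        if offset + 16 > len(data):
            raise ValueError("truncated record header at offset %d" % offset)
        _sec, _frac, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, offset)
        offset += 16 + incl_len
        if offset > len(data):
            raise ValueError("record data runs past end of file")
        count += 1
    return count


# Constructed samples: a little-endian pcap with two 4-byte records, and a bare pcapng SHB.
SAMPLE_PCAP = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
               + struct.pack("<IIII", 1, 0, 4, 4) + b"\xaa" * 4
               + struct.pack("<IIII", 2, 0, 4, 4) + b"\xbb" * 4)
SAMPLE_PCAPNG = struct.pack("<IIIHHqI", 0x0A0D0D0A, 28, 0x1A2B3C4D, 1, 0, -1, 28)
```

Reading a real file is `identify_capture(open(path, "rb").read())`; a result of "pcapng" from a file that a tool expects to be classic pcap points at the output format of the editing step.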