Tools for tracing a pcap file in Linux bash

Pcap files are packet capture files. They usually contain a raw log of network connections and packets. It is the most popular capture format and is supported by almost all network analysis tools.

To play around with *.pcap files, you first have to get one somehow. There are two opposite ways: generate it yourself or pick a ready-made one. To generate it yourself, you can use Wireshark, or tcpdump in a terminal:

tcpdump -w capture.pcap -i eth1


Replace "capture.pcap" with the desired output filename; "-i eth1" indicates the interface on which the logging is to be done.
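
To confirm what a capture tool actually wrote, the added example below (not part of the original post) reads the file's header with od: it recognises the four classic pcap magic numbers, flags pcapng (the default save format in current Wireshark), and prints the snapshot length and link type. The function names and the sample header bytes are constructed for illustration.

```shell
#!/bin/sh
# Added example: read the header of a capture file to see what was written.

# hexbytes FILE OFFSET COUNT -> the bytes as space-separated lowercase hex
hexbytes() { od -An -v -tx1 -j "$2" -N "$3" "$1" | tr -s ' \n' ' '; }

# u32 FILE OFFSET ORDER -> decimal value of a 32-bit field (ORDER: le or be)
u32() {
  set -- "$3" $(hexbytes "$1" "$2" 4)   # $1=order, $2..$5=the four bytes
  if [ "$1" = le ]; then echo $((0x$5$4$3$2)); else echo $((0x$2$3$4$5)); fi
}

# pcap_info FILE -> one summary line; non-zero status if not a usable capture
pcap_info() {
  magic=$(hexbytes "$1" 0 4 | tr -d ' ')
  case $magic in
    d4c3b2a1) order=le ts=us ;;   # 0xa1b2c3d4 stored little-endian
    a1b2c3d4) order=be ts=us ;;
    4d3cb2a1) order=le ts=ns ;;   # 0xa1b23c4d: nanosecond timestamps
    a1b23c4d) order=be ts=ns ;;
    0a0d0d0a) echo "pcapng"; return 0 ;;   # pcapng section header block
    *) echo "unknown"; return 1 ;;
  esac
  # A classic pcap global header is 24 bytes; anything shorter is damaged.
  if [ $(($(wc -c < "$1"))) -lt 24 ]; then echo "truncated"; return 1; fi
  echo "pcap order=$order ts=$ts snaplen=$(u32 "$1" 16 "$order") linktype=$(u32 "$1" 20 "$order")"
}

# Constructed sample: little-endian header, version 2.4, snaplen 262144,
# link type 1 (Ethernet). Not taken from a real capture.
sample_header() {
  printf '\324\303\262\241\002\000\004\000\000\000\000\000'
  printf '\000\000\000\000\000\000\004\000\001\000\000\000'
}

tmp=$(mktemp)
sample_header > "$tmp"
pcap_info "$tmp"
rm -f "$tmp"
```

Calling pcap_info on the capture.pcap written by the tcpdump command above gives the same kind of summary line for a real capture.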