brweber2
commented
9 years ago This library supports the PCAP format but it does not have implementations of most protocols contained within such files. It does have Ethernet, IP, UDP, DNS and possibly one or two more (I can't recall off the top of my head).
Additional protocols can easily be added, but if you would like to support a wide array of protocols please understand that you will either end up implementing most of them yourself or your best bet is to use another library. (Probably one that wraps c code)
If you can share your pcap file either publicly or privately I can help you move past this particular error if you would like.
Thanks. Bryan
On Jun 25, 2015, at 8:40 AM, Martín Varela notifications@github.com wrote:
When trying to parse a TCP-only pcap file, captured like so:
sudo tcpdump -ien4 -c100 -w traffic.dump 'tcp' I've created a dummy app that depends on expcap, and I'm doing:
iex -S mix rlang/OTP 17 [erts-6.3] [source] [64-bit] [smp:8:8] [async-threads:10] [hipe] [kernel-poll:false] [dtrace]
Interactive Elixir (1.0.2) - press Ctrl+C to exit (type h() ENTER for help) iex(1)> import ExPcap nil iex(2)> ExPcap.from_file "traffic.dump" \ (CaseClauseError) no case clause matching: <<6>> lib/protocol/ipv4.ex:50: PayloadType.Protocol.Ipv4.payload_parser/1 lib/expcap.ex:95: ExPcap.parse_packet/3 lib/expcap.ex:107: ExPcap.read_packet/3 lib/expcap.ex:137: ExPcap.read_packets/3 lib/expcap.ex:157: ExPcap.read_pcap/1 (elixir) lib/file.ex:950: File.open/3 (elixir) lib/file.ex:966: File.open!/2 iex(2)> The pcap file itself is not corrupt, and it opens properly in Wireshark.
— Reply to this email directly or view it on GitHub.
mvarela
When trying to parse a TCP-only pcap file, captured like so:
I get an error when trying to parse it.
What I've done is creating a dummy app that depends on expcap, and then:
The pcap file itself is not corrupt, and it opens properly in Wireshark.