If you run tcpdump with two constraints (eg every 30 seconds and max size 2mb) it will create files with the extension pcap1, pcap2 etc.
tcpdump man page
-rw-r--r-- 1 root root 226K Aug 26 12:07 wlan0-23-08-26_12.06.59.pcap
-rw-r--r-- 1 root root 2.0M Aug 26 12:07 wlan0-23-08-26_12.07.29.pcap
-rw-r--r-- 1 root root 2.0M Aug 26 12:07 wlan0-23-08-26_12.07.29.pcap1
-rw-r--r-- 1 root root 1.1M Aug 26 12:07 wlan0-23-08-26_12.07.29.pcap2
-rw-r--r-- 1 root root 2.0M Aug 26 12:08 wlan0-23-08-26_12.07.59.pcap
Tulip wont ingest these files as it only accepts .pcap and .pcapng. This change fixes that.
Now it will accept any file with an extension starting with pcap.
If you run tcpdump with two constraints (eg every 30 seconds and max size 2mb) it will create files with the extension pcap1, pcap2 etc. tcpdump man page
Tulip wont ingest these files as it only accepts .pcap and .pcapng. This change fixes that. Now it will accept any file with an extension starting with pcap.