dnsreplay does not support pcap-ng

PowerDNS / pdns

PowerDNS Authoritative, PowerDNS Recursor, dnsdist

https://www.powerdns.com/

GNU General Public License v2.0

3.65k stars 906 forks source link

dnsreplay does not support pcap-ng #4509

Open cmouse opened 8 years ago

cmouse commented 8 years ago

$ sudo tshark -npi eth0 -w /tmp/out.pcap port 53
$ ./dnsreplay /tmp/out.pcap 194.100.0.100 53
Fatal: PCAP file /tmp/out.pcap has bad magic a0d0d0a, should be a1b2c3d4
$ file /tmp/out.pcap
/tmp/out.pcap: pcap-ng capture file - version 1.0

cmouse commented 8 years ago

https://cmouse.desteem.org/sample-pcap-4509.pcap

johnhtodd commented 4 years ago

While the underlying issue of 'PCAPNG' now being a bit more standard than PCAP needs to be addressed as a part of this ticket, I'll note that conversion can be quickly done on existing files with the wireshark tool editcap. Example: editcap -F libpcap /tmp/filecapture.pcapng /tmp/filecapture.pcap

rgacogne commented 4 years ago

I wonder if we should consider using one of the libraries listed at the bottom of https://github.com/pcapng/pcapng/wiki/Implementations, perhaps PcapPlusPlus?

seladb commented 4 years ago

hello, I'm PcapPlusPlus maintainer. Please let me know if you need any help with working with PcapPlusPlus to read/write pcapng files

Habbie commented 4 years ago

hello, thanks for the offer! We are not currently doing anything about this, but we'll keep you in mind!