
Bug#705221: ITP: pcapfix -- repair broken pcap files



Package: wnpp
Severity: wishlist
Owner: Joao Eriberto Mota Filho <eriberto@eriberto.pro.br>

* Package name    : pcapfix
  Version         : 0.7.2
  Upstream Author : Robert Krause <ruport@f00l.de>
* URL             : http://f00l.de/pcapfix
* License         : GPL3
  Programming Lang: C
  Description     : repair broken pcap files

 pcapfix tries to repair your broken pcap files fixing the global header and
 recovering the packets by searching and guessing the packet headers.
 .
 The tool first checks for an intact pcap global header and repairs the whole
 file if there are some corrupted bytes. If there seems to be no global header
 at all, pcapfix adds a self-created one at the beginning of the file. In a
 second step the tool tries to find pcap packet headers inside the file, below
 the global header. It checks if the values are correct (or seem to be
 correct) and tries to repair a packet if there is something wrong.
 .
 But, why? Sometimes your captured pcap files (from tcpdump, Wireshark or other)
 get cut off or are corrupted in other ways. Also, some capture the flag
 challenges deal with damaged pcap files periodically.
 .
 pcapfix will first step through the packets top down until it recognizes a
 corrupted one by using plausibility checks. After that the tool will brute
 force further pcap packet headers by reading the file byte by byte. If another
 proper packet is found, pcapfix restores the data in between by adding a
 well-formed pcap packet header.
 .
 Screenshot: http://f00l.de/pcapfix/pcapfix-0.4.png
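
The recovery procedure described in the message above (walk the records top down, then search byte by byte for the next plausible packet header), as an added Python example that is not pcapfix code and not part of the original message. It assumes a little-endian classic pcap file; the plausibility rules and all function names are assumptions of this example, and the sample capture is constructed.

```python
import struct

MAGIC = 0xA1B2C3D4                       # classic pcap, little-endian assumed
GLOBAL_HDR = struct.Struct("<IHHiIII")   # 24-byte global header
REC_HDR = struct.Struct("<IIII")         # ts_sec, ts_usec, incl_len, orig_len

def plausible(data, off, snaplen):
    """Heuristics chosen for this example, not pcapfix's exact rules."""
    if off + REC_HDR.size > len(data):
        return False
    _, usec, incl, orig = REC_HDR.unpack_from(data, off)
    return (usec < 1_000_000 and 0 < incl <= orig <= snaplen
            and off + REC_HDR.size + incl <= len(data))

def scan(data, snaplen=65535):
    """Return (records, gaps): records as (offset, incl_len), gaps as
    (start, end) byte ranges that matched no plausible record header."""
    off = 0
    if len(data) >= GLOBAL_HDR.size and GLOBAL_HDR.unpack_from(data)[0] == MAGIC:
        snaplen, off = GLOBAL_HDR.unpack_from(data)[5] or snaplen, GLOBAL_HDR.size
    records, gaps, gap_start = [], [], None
    while off + REC_HDR.size <= len(data):
        ok = plausible(data, off, snaplen)
        if ok:
            nxt = off + REC_HDR.size + REC_HDR.unpack_from(data, off)[2]
            # While brute-forcing, also require EOF or a plausible next header.
            if gap_start is not None:
                ok = nxt == len(data) or plausible(data, nxt, snaplen)
        if not ok:
            if gap_start is None:
                gap_start = off
            off += 1                     # byte-by-byte search
            continue
        if gap_start is not None:
            gaps.append((gap_start, off))
            gap_start = None
        records.append((off, nxt - off - REC_HDR.size))
        off = nxt
    tail = off if gap_start is None else gap_start
    if tail < len(data):
        gaps.append((tail, len(data)))
    return records, gaps

def build_sample():
    """Constructed capture: three records, the second header overwritten."""
    rec = lambda usec, body: REC_HDR.pack(1700000000, usec, len(body), len(body)) + body
    r2 = b"\xff" * REC_HDR.size + b"\xbb" * 30      # corrupted header
    return (GLOBAL_HDR.pack(MAGIC, 2, 4, 0, 0, 65535, 1)
            + rec(100, b"\xaa" * 20) + r2 + rec(300, b"\xcc" * 10))

if __name__ == "__main__":
    print(scan(build_sample()))
```

Each reported gap is the byte range a repair tool would have to wrap in a new packet header; the example only locates records and gaps and writes nothing.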

