I have to get information about lipcap version and link-layer of a pcap file. So, I did code through Python. But, I don't know the python well.
My code is below:
import dpkt
import socket
import sys
f = open('filename')
pcap = dpkt.pcap.Reader(f)
for ts, buf in pcap:
print ts, len(buf)
I have to get information about lipcap version and link-layer of a pcap file.
For the link-layer header type, from a quick look at the dpkt code there appears to be a datalink method for a Reader, which returns the link-layer header type, so try pcap.datalink.
As for the libpcap version:
I want to get the version of libcap a file I was created.
Unfortunately, 1) not all pcap files are created with libpcap and 2) there's no place in pcap files to store the libpcap version (there's a version field, but it's used for the version number of the file format, not the library), so there is no way to get from a capture file the version of libpcap used when the file was created - that information isn't in the file, and it can't be in the file (no place to put it, and no guarantee that libpcap was at all involved in the creation of the file in the first place).
