I recorded a pcap file with Wireshark and now I want to get rid of the pcap header.

That means: I want my .pcap file to start directly with my Ethernet frame (source & destination MAC) and get rid of the PCAP headers.

1 Answer

libpcap files only have a 24-byte header at the start. The following command does the trick:

cat in.pcap | tail -c +25 > out.pcap
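
Added example, not part of the original answer: in the classic libpcap format each packet is also preceded by a 16-byte record header, so this Python script goes beyond the one-liner by skipping the 24-byte file header and every record header and writing only the link-layer frames. The function names and the constructed sample capture are assumptions made for the illustration.

```python
import struct

PCAP_GLOBAL_HDR_LEN = 24   # file header, the part `tail -c +25` skips
PCAP_RECORD_HDR_LEN = 16   # ts_sec, ts_frac, incl_len, orig_len before every packet
# Magic as it appears on disk -> struct byte-order prefix
MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",   # microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">",   # nanosecond timestamps
}

def iter_frames(data: bytes):
    """Yield the raw link-layer bytes of each packet in a classic pcap image."""
    if len(data) < PCAP_GLOBAL_HDR_LEN:
        raise ValueError("shorter than the 24-byte pcap global header")
    order = MAGICS.get(data[:4])
    if order is None:
        raise ValueError("not a classic libpcap file (pcapng or unknown magic)")
    offset = PCAP_GLOBAL_HDR_LEN
    while offset < len(data):
        hdr = data[offset:offset + PCAP_RECORD_HDR_LEN]
        if len(hdr) < PCAP_RECORD_HDR_LEN:
            raise ValueError(f"truncated record header at offset {offset}")
        _sec, _frac, incl_len, _orig_len = struct.unpack(order + "IIII", hdr)
        start = offset + PCAP_RECORD_HDR_LEN
        frame = data[start:start + incl_len]
        if len(frame) < incl_len:
            raise ValueError(f"truncated packet data at offset {start}")
        yield frame
        offset = start + incl_len

def build_sample_pcap(frames):
    """Constructed test input: little-endian pcap, linktype 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    import sys
    src, dst = sys.argv[1], sys.argv[2]   # input capture, output file
    with open(src, "rb") as fh:
        raw = fh.read()
    with open(dst, "wb") as out:
        for frame in iter_frames(raw):
            out.write(frame)
```

The output is the frames concatenated back to back with no length fields, so frame boundaries cannot be recovered from it afterwards; write one file per frame if they are needed.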