Partitioned pcap file - networking

I received a network traffic capture that is partitioned is several hundred of small .pcap files with the following format:
name.pcap#
where # is a numeration from 1 to 630.
Something like this:
name.pcap1,name.pcap2,name.pcap3,...,name.pcap630
I know that all of them are from one continue capture but it seems that was partitioned.
I don't have a lot experience working with wireshark, and this type of files are new for me. I don't know how to read them as one file.
I was wondering what can I do to resemble all of them in just one file?
Many thanks in advance,

I was wondering what can I do to resemble all of them in just one file?
At least with the current version of Wireshark, if you:
start Wireshark without opening a file - just directly start the application;
select all 630 of the files in Windows Explorer/File Explorer (Windows), the Finder (macOS), or whatever file manager you are using in the GUI (other UN*Xes - Linux, *BSD, Solaris, AIX, etc.);
drag them into Wireshark;
Wireshark should read all the files and combine them into a single file, showing you all the packets.
I tested this on macOS; I have not tested it on Windows or, for example, Ubuntu, but I suspect it would work.
Note that you must select all the files and drag them all in one operation; if you try to drag them one at a time, they won't be combined, Wireshark will just close the currently open one and open the file that you're dragging and dropping.
Alternatively, Wireshark includes mergecap, which is a tool that "merges two or more capture files into one".
It is a command-line tool, so you will have to use it on the command line (UN*X - Linux, macOS, *BSD, Solaris, AIX, etc. - or Windows).
The command would be something such as
mergecap name.pcap* -w merged.pcap
(on UN*Xs) or
mergecap.exe name.pcap* -w merged.pcap
if you were to run it while your command-line shell is in the directory (folder) in which the files are stored. This command will put a new file, named merged.pcap, in that directory.
You will have to make sure that the directory containing mergecap is in your command-line shell's search path, or will have to type the full pathname rather than just mergecap. (The .exe may not be necessary on Windows with some command-line shells, but it doesn't hurt, and may be necessary with other command-line shells.)
On most UN*Xes, mergecap will probably be in /usr/local/bin or /usr/bin, both of which are in the command-line shell search path by default.
On macOS, mergecap will probably be in /Applications/Wireshark.app/Contents/MacOS/; however, if, when you installed Wireshark, you chose to install the Wireshark command-line tools, it will also be in /usr/local/bin, which is, again, in the command-line shell search path by default.
On Windows, mergecap will probably be in C:\Windows\Program Files\Wireshark. That is probably not in the command-line shell search path by default. If you don't put it in your command-line shell search path, you will have to run a command such as
`"C:\Windows\Program Files\Wireshark\mergecap.exe" name.pcap* -w merged.pcap
Adding it to the command-line shell search path is a painful process, so it's probably easier just to use the full path.
You must include the quote characters (because there's a space in "Program Files").

Related

need to find the path for my file (cygwin in Window7)

My apology for the "newbie trouble" that I created for myself & apology for my poor command of computer lingo
I am running a Windows 7 laptop and have a big text file (~4Gb) that I need to find certain string.
Most programs in Windows 7 cannot handle the task (file too big to open in any program in the Microsoft suite), so I downloaded cygwin and tried to grep the specific string.
The problem is
(a) the 4 Gb file is stored in the desktop of my non-admin account.
(b) I assume cygwin runs in the admin account (although I use the desktop cygwin icon to launch the environment). The reason being that under cygwin, I see the handle A#Admin-THINK (running it on a Lenovo Thinkpad laptop)
grep the file of interest results in "No such file or directory"
I tried to find the path of the file (readlink, realpath) but guess the commands were not applicable here?
Also tried /home/A/file or /home/A/desktop/file but it is clear that my random guess fails.
From windows, the file should be in
C:/Users/non_admin/desktop/folder/file
What would be the right path of the file to grep the string using cygwin ?
You can use /cygdrive to access the Windows filesystem. In your case, try
grep foo /cygdrive/c/Users/non_admin/Desktop/folder/file
From windows, you can get the correct file path from the context menu item Copy as path into the copy/paste buffer.
In Cygwin mintty, use
FilePath=<paste>
where <paste> means to use paste from mintty's context menu to make a variable with the value of that path.
Then use
grep <string> $(cygpath -u "$FilePath")
to search the file. The "'s are in case the file name contains spaces.
HTH

ConEmu + zsh: how will keyboard shortcuts and other shell features work?

I'm trying to wrap my head around this: on Windows, I use cmder (a wrapper around ConEmu) which improves on the bare cmd.exe experience (a lot) but can also host other shells like PowerShell or Git Bash. I'd like to go more "unix-y" but still well integrated with my Windows tools. Git Bash strikes the right balance for me: I can do things like rm -rf node_modules but still run my Windows commands fine.
It's easy to get Git Bash going inside cmder, however, I'd like to replace the shell with zhs, mainly to get the super-useful "up arrow respects the current prefix" feature (I write git, press the up arrow and only get suggestions on the recent Git commands).
The question is, who will handle the up arrow? Will it be ConEmu and do Windows-y stuff (cycling through all the commands) or will it fall down to zsh and the cycling will be implemented by it? How does this work?
Related: ConEmu: possible to change the up arrow behavior?
ConEmu's disclaimer states
ConEmu is not a shell, so it does not provide "shell features" like remote access, tab-completion, command history and others.
Only the shell itself knows when user types a command and only the shell may store executed commands history. Of course, only the shell may process Up/Down/Tab keys to "browse" stored history of commands.
cmder is a bundle of tools including clink, which integrates into cmd.exe and process cmd's prompt internally. So, in cmder by default Up/Down/Tab arrows are processed by clink.
More info is here: http://conemu.github.io/en/TabCompletion.html

Move zip file with today's date (like ABC_20161010_DEF.zip) from Linux server to Windows server using sftp

I am using below code to move zip file.
Unfortunately I am unable to get set part right. I want to set Dt to have value like "ABC_20161010_DEF.zip"
open UserNameHere#ServerNameHere
ascii
cd "ValidPathHere"
lcd "ValidPathHere"
Set Dt=SomePrefixHere_%date:~-4,4%%date:~-10,2%%date:~-7,2%_SomeSuffixHere.zip
get Dt
pause
quit
You are mixing SFTP client (OpenSSH sftp?) commands (open, get, etc.) with Windows batch file commands (set). That's not possible.
You have to call the set from Windows batch file and then use the resolved value in the SFTP script. How to do that depends on capabilities of your SFTP client.
If you are using the OpenSSH sftp, you have to generate the script on the fly, as its script cannot resolve environment variables. In the other hand, the OpenSSH sftp does not have the ascii command. So I'm not sure, what client you are using actually.
Also note that using the date environment variable is not reliable. It gives different values with different locale. For example, on the US locale the %date% resolves to ddd, mm/dd/yyyy, so you will get yyyymmdd. On the contrary, on the UK locale, the %date% resolves to dd/mm/yyyy, so you will get yyyyddmm. On other locales, you can get yet another results.
An easy and more reliable solution, is using the WinSCP SFTP client, with its locale-independent %TIMESTAMP% syntax. WinSCP also supports the ascii/text mode (using the -transfer=ascii switch), if you need that.
With WinSCP scripting, you can use a batch file (.bat) like:
"C:\Program Files (x86)\WinSCP\WinSCP.com" ^
/log="C:\writable\path\to\log\WinSCP.log" /ini=nul ^
/command ^
"open sftp://username:password#example.com/ -hostkey=""...""" ^
"get -transfer=ascii ""/remote/path/SomePrefixHere_%%TIMESTAMP#yyyymmdd%%"" ""C:\local\path\""" ^
"exit"
You can even have WinSCP generate the script/batch file template for you.
(I'm the author of WinSCP)

Why am i able to run unix commands on my PC?

How am i able to execute UNIX commands on my PC Command prompt? Note i do not have cygwin installed, although i was going to before i discovered this.
This is a development machine so i have a lot installed on it like ruby, python, git, github, node and so on.
What does this mean? can i use this without cygwin?
Here is a list of programs installed on my PC program list
How am I able to execute UNIX commands on my PC Command prompt?
You can use the where command in a cmd shell to find out the exact location of your Unix commands, for example:
where ls
This assumes, of course, that ls is located somewhere in your current PATH.
The location returned will show you in which directory your Unix commands are installed and may be enough for you to determine how they were installed.
The where command is roughly equivalent to the Unix which command.
By default, the search is done in the current directory and in the
PATH.
Syntax
WHERE [/r Dir] [/q] [/f] [/t] Pattern ...
WHERE [/q] [/f] [/t] [$ENV:Pattern
Source where
Further Reading
An A-Z Index of the Windows CMD command line - An excellent reference for all things Windows cmd line related.
where - Locate and display files in a directory tree.
Running Unix commands in windows can be done by having a tool like Cygwin which has those commands.
You can also get many of those commands compiled for windows and then run them using the command with the full path or only the command if the executable is in a path known by adding the paths to the executable files in Windows by :
1) Running in the terminal: PATH %PATH%;C:\<new_path>
2) Creating command aliases like: doskey np=C:\<new_path>\new_command.exe $*. $* is used to be able to transmit parameters

Console Window Host, always use quotes?

Console Window Host, or conhost.exe allows you to drag a file or folder into a cmd.exe window, instead of typing the path.
If the path contains any spaces then it is wrapped in double quotes, eg
"C:\Program Files"
Problems
Ampersand
If you happen to have a path with & dragging it will fail
cd C:\foo&bar
The system cannot find the path specified.
'bar' is not recognized as an internal or external command, operable program
or batch file.
Bash
If you happen to be using Bash on Windows then any path without a space will
fail.
$ cd C:\Windows\System32
sh: cd: C:WindowsSystem32: No such file or directory
Is there a way to make conhost always apply the quotes to dragged files?
One alternative is to use Tab to complete the path.
I had to edit my ~/.inputrc to add this.
"\t": complete-filename
source: gnu.org/software/bash/manual/bashref
Use mintty
It is the default terminal in Cygwin.
It is also available for MinGW.
It uses Linux like paths when dragging
Adds quotes when necessary.
Note
mintty will not have colors when running native Windows shell apps.
superuser.com/questions/184186
Use Console
It is available for MinGW
It uses Windows paths, but puts quotes on everything
Colors work even with native Windows shell apps
Notes
I considered mintty, but it does not
support colors with native Windows shell apps, ie Git.
superuser.com/questions/184186
Console is nice but it is very slow

Resources