I have some .CAP files that came from capturing packages with tcpdump. When trying to open with wireshark, the machine gets very slow, as I imagine it will try to load everything into RAM.
I would like to write a program in Python to work more efficiently with the dumps. The first question is: what is the difference between .CAP and .PCAP?
I do not need to read the entire file at once. Imagine that you want to read the .CAP file only from time (time) = 9:15 p.m. to 11:12 p.m. instead of loading it into memory. How to do this in Python? Remembering that the files are .CAP and not .PCAP.
The output of: "tcpdump -r /path/to/ficehiro.cap | less"
09:32:20.107281 IP iskcon.interactivedns.com.http > 192.168.91.34.47651: Flags [S.], seq 63
8820025, ack 2476676485, win 28960, options [mss 1380,sackOK,TS val 3245680284 ecr 42949413
64,nop,wscale 7], length 0
09:32:20.107308 IP 192.168.91.34.47651 > iskcon.interactivedns.com.http: Flags [.], ack 1,
win 229, options [nop,nop,TS val 4294941466 ecr 3245680284], length 0
09:32:20.107357 IP 192.168.91.34.47651 > iskcon.interactivedns.com.http: Flags [P.], seq 1:
181, ack 1, win 229, options [nop,nop,TS val 4294941466 ecr 3245680284], length 180: HTTP:
GET / HTTP/1.1
09:32:20.144075 IP ec2-52-73-252-184.compute-1.amazonaws.com.http > 192.168.91.34.47570: Fl
ags [.], seq 831563414:831564782, ack 387706135, win 75, options [nop,nop,TS val 499391566
ecr 4294941090], length 1368: HTTP
09:32:20.144094 IP 192.168.91.34.47570 > ec2-52-73-252-184.compute-1.amazonaws.com.http: Fl
ags [.], ack 1368, win 816, options [nop,nop,TS val 4294941475 ecr 499391566], length 0
09:32:20.144368 IP ec2-52-73-252-184.compute-1.amazonaws.com.http > 192.168.91.34.47570: Fl
ags [.], seq 1368:2736, ack 1, win 75, options [nop,nop,TS val 499391566 ecr 4294941090], l
ength 1368: HTTP
09:32:20.144376 IP 192.168.91.34.47570 > ec2-52-73-252-184.compute-1.amazonaws.com.http: Fl
ags [.], ack 2736, win 838, options [nop,nop,TS val 4294941475 ecr 499391566], length 0
09:32:20.145197 IP ec2-52-73-252-184.compute-1.amazonaws.com.http > 192.168.91.34.47570: Fl
ags [.], seq 2736:4104, ack 1, win 75, options [nop,nop,TS val 499391566 ecr 4294941090], l
ength 1368: HTTP
09:32:20.145204 IP 192.168.91.34.47570 > ec2-52-73-252-184.compute-1.amazonaws.com.http: Fl
ags [.], ack 4104, win 861, options [nop,nop,TS val 4294941475 ecr 499391566], length 0
09:32:20.145214 IP ec2-52-73-252-184.compute-1.amazonaws.com.http > 192.168.91.34.47570: Fl
ength 1368: HTTP
09:32:20.145218 IP 192.168.91.34.47570 > ec2-52-73-252-184.compute-1.amazonaws.com.http: Fl
ags [.], ack 5472, win 883, options [nop,nop,TS val 4294941475 ecr 499391566], length 0
09:32:20.148032 IP ec2-52-73-252-184.compute-1.amazonaws.com.http > 192.168.91.34.47570: Fl
ags [.], seq 5472:6840, ack 1, win 75, options [nop,nop,TS val 499391566 ecr 4294941090],
Memoryconsumptionofwiresharkwhenopeninga1GBCAP: