The pcapng file format stores a ton of crazy metadata in your files. What exactly gets stored depends on what is used to create the pcapng file, but Wireshark and mergecap do reveal a bit about the computer used to create the pcap.
@netresec wrote a nice blog post about this a few weeks ago, including how to make regular pcap the default setting in Wireshark (and Erik reached out to me to warn me about some pcaps I had shared publicly, I still need to update my git repo to remove said pcapng files... how annoying of a process it is to do this! So don't be a dummy like me, make pcap your default, and be cautious where you share pcapng files).
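A pre-share check for the metadata described in the post above, added here as an example and not taken from the post or from the linked blog: it walks the Section Header and Interface Description blocks of a pcapng byte string and lists the text options that describe the capture host. The option codes follow the pcapng specification; the sample capture and all strings in it are constructed.

```python
import struct

SHB, IDB = 0x0A0D0D0A, 0x00000001
# Text options defined by the pcapng specification that describe the capture host.
OPTIONS = {
    SHB: {1: "opt_comment", 2: "shb_hardware", 3: "shb_os", 4: "shb_userappl"},
    IDB: {1: "opt_comment", 2: "if_name", 3: "if_description", 12: "if_os", 15: "if_hardware"},
}
FIXED = {SHB: 16, IDB: 8}  # bytes of fixed fields before a block's options

def build_block(btype, fixed, options):
    """Build one little-endian block (used only for the constructed sample)."""
    body = fixed
    for code, text in options:
        raw = text.encode()  # option values are padded to a 32-bit boundary
        body += struct.pack("<HH", code, len(raw)) + raw.ljust((len(raw) + 3) & ~3, b"\0")
    body += struct.pack("<HH", 0, 0)  # opt_endofopt
    total = len(body) + 12
    return struct.pack("<II", btype, total) + body + struct.pack("<I", total)

def audit_metadata(data):
    """Return (block, option, text) for each host-describing option found."""
    findings, pos, endian = [], 0, "<"
    while pos + 12 <= len(data):
        if data[pos:pos + 4] == b"\x0a\x0d\x0d\x0a":  # SHB: byte-order magic sets endianness
            endian = "<" if data[pos + 8:pos + 12] == b"\x4d\x3c\x2b\x1a" else ">"
        btype, total = struct.unpack_from(endian + "II", data, pos)
        if total < 12 or total % 4 or pos + total > len(data):
            break  # truncated or corrupt block
        opt, end = pos + 8 + FIXED.get(btype, 0), pos + total - 4
        while btype in OPTIONS and opt + 4 <= end:
            code, length = struct.unpack_from(endian + "HH", data, opt)
            if code == 0 or opt + 4 + length > end:
                break
            if code in OPTIONS[btype]:
                text = data[opt + 4:opt + 4 + length].decode("utf-8", "replace")
                findings.append(("SHB" if btype == SHB else "IDB", OPTIONS[btype][code], text))
            opt += 4 + ((length + 3) & ~3)
        pos += total
    return findings

# Constructed sample: one section header and one interface description.
SAMPLE = build_block(SHB, struct.pack("<IHHq", 0x1A2B3C4D, 1, 0, -1),
                     [(2, "Example CPU"), (3, "ExampleOS 1.0"), (4, "capture-tool 0.0")]) \
    + build_block(IDB, struct.pack("<HHI", 1, 0, 262144), [(2, "eth0"), (12, "ExampleOS 1.0")])

if __name__ == "__main__":
    for finding in audit_metadata(SAMPLE):
        print(*finding, sep=": ")
```

To check a real capture, pass the file's bytes to `audit_metadata`; an empty result means none of these options are present, not that the packets themselves are safe to share.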