AnsweredAssumed Answered

Working with small pcap files

Question asked by RSA Admin Employee on Dec 27, 2012
Latest reply on Jan 9, 2013 by RSA Admin

Hello,

I'm pretty new to investigator, and I'm encountering difficulties while working with very small pcap files.

The pcap files are created elsewhere, and sometimes they are very small, even just a few KBs, and have a very small number of packets in them.

Regardless of their size, I need to search these files for specific strings, and I wanted to do that using Investigator's search features.

But, when I load these files to a collection, Investigator just return an empty report and doesn't find anything when searching.

When loading the same files with Wireshark I can search the packets.

What can I do to make it work with Investigator?

 

Thanks.

Outcomes