Unable to open ping_capture.pcap file in Wireshark
try understanding how to create .pcap files using tcpdump command.
learn about various flags of tcpdump
Dont use the general commands that we use to store something in file. You need to modify the tcpdump command so that it redirects output to a file
google about tcpdump various options
if you use grep command it will show you the output in human readable format
so wireshark can’t understand it
you need to write the file using -w option because it write files in .pcap format
wireshark understand only .pcap file
for reference https://www.tecmint.com/12-tcpdump-commands-a-network-sniffer-tool/
Hint: Hey @mutant use -w switch in tcpdump for your task.
You would get the reason for the error if you open the pcap file in an editor - Yes, it’s showing you raw text inspite of having the name pcap . It’s because when we use redirection to save the output of
tcpdump to a file, the text formatted output is saved and not the actual content itself. Due to this, lots of information like the protocol related things will be lost.
Now, Wireshark can’t read text files and it doesn’t care if the file is named pcap. So, as others suggested use
tcpdump flags itself to save the packets captured`
Please go through this https://opensource.com/article/18/10/introduction-tcpdump