Wireshark · Ethereal-dev: Re: [Ethereal-dev] reading diff. file formats how to???

Ethereal-dev: Re: [Ethereal-dev] reading diff. file formats how to???

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Fri, 25 Jul 2003 23:13:40 -0700

On Sat, Jul 26, 2003 at 11:31:57AM +0530, Puneet wrote:
> I am looking for modules in ethereal where it reads the .cap file and
> .apc files formats. 

The code to read capture files is in the "wiretap" subdirectory of the
source.  There are several different types of capture file that, on
Windows, have ".cap" as a suffix, so there are several modules that can
read ".cap files", such as "wiretap/netxray.c" for NetXRay and Windows
Sniffer files and "wiretap/netmon.c" for Microsoft Network Monitor
files.

I infer from your reference to WinPcap that you might be familiar with
Analyzer, which I *think* uses ".apc" as the suffix for native
libpcap/WinPcap format, which is also the native format for Ethereal and
tcpdump/WinDump.  If so, then "wiretap/libpcap.c" is the file that reads
those files.  I don't know which of those Analyzer considers to be ".cap
files".

Follow-Ups:
- Re: [Ethereal-dev] reading diff. file formats how to???
  - From: Puneet

References:
- [Ethereal-dev] reading diff. file formats how to???
  - From: Puneet

Prev by Date: [Ethereal-dev] reading diff. file formats how to???
Next by Date: Re: [Ethereal-dev] reading diff. file formats how to???
Previous by thread: [Ethereal-dev] reading diff. file formats how to???
Next by thread: Re: [Ethereal-dev] reading diff. file formats how to???
Index(es):
- Date
- Thread