Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Ethereal-dev: Re: [Ethereal-dev] PATCH - Allow editcap to report # of packets infile

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Guy Harris" <gharris@xxxxxxxxx>
Date: Tue, 27 Jul 2004 14:20:21 -0700 (PDT)
Olivier Biot said:
> I think one interesting tool is a tool which acts like the *NIX "file"
> command which guesses the file type. How about calling this new tool
> (which only READS capture files) cap_info, cap_type or cap_file?

The *NIX "file" command - or, at least, the "Ian Darwin" version:

    ftp://ftp.astron.com/pub/file/

 does at least some of that for capture files:

    % file tcp-reassembly.pcap
    tcp-reassembly.pcap: tcpdump capture file (little-endian) - version
2.4 (Ethernet, capture length 65535)

It recognizes many of the capture files with magic numbers (and I should
send to Christos Zoulas, the current maintainer of that version of "file",
any of the others that Ethereal recognizes but it doesn't).  It doesn't do
the heuristics, though.

That version of "file" is what's used in, I think, many Linux
distributions, as well as a number of BSDs, and runs on other UN*Xes as
well.  (It might also be the "file" in Cygwin.)  Those versions might not
have the latest magic file, though.

A command to return various properties of capture files might still be
useful.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube