Wireshark · Ethereal-dev: Re: [Ethereal-dev] how to parse a ethereal capture file

Ethereal-dev: Re: [Ethereal-dev] how to parse a ethereal capture file

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>

Date: Wed, 11 Aug 2004 11:47:27 -0700

On Tue, Aug 10, 2004 at 06:31:24PM -0700, weijun jiang wrote:
> Can anyone point to me where I can find any document for the file format
> and if there is any library (libpcap?) I can use for my application?

The format is libpcap format, so libpcap/WinPcap can be used to read it
- use "pcap_open_offline()" to open it, and "pcap_loop()",
"pcap_next()", or, in newer versions of libpcap/WinPcap,
"pcap_next_ex()" to read the packet time stamp/length information and
raw packet data.

References:
- [Ethereal-dev] how to parse a ethereal capture file
  - From: weijun jiang

Prev by Date: Re: [Ethereal-dev] ethereal dump core when trying to decode mapi encrypted data
Next by Date: Re: [Ethereal-dev] dissector newbie needs some guidence..
Previous by thread: [Ethereal-dev] how to parse a ethereal capture file
Next by thread: [Ethereal-dev] Patch for packet-snmp.c
Index(es):
- Date
- Thread