Wireshark · Ethereal-dev: Re: [Ethereal-dev] Ethereal Dump File Format

Ethereal-dev: Re: [Ethereal-dev] Ethereal Dump File Format

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>

Date: Mon, 30 Aug 2004 10:36:45 -0700

Rami AlHasan wrote:

What is the format of the default dump file format used by ethereal?


Libpcap format - the same format used by tcpdump.

You can read it with a program that uses libpcap's "pcap_open_offline()"and "pcap_loop()", "pcap_dispatch()", or "pcap_next()" routines.

References:
- [Ethereal-dev] Ethereal Dump File Format
  - From: Rami AlHasan