Wireshark · Ethereal-users: Re: [Ethereal-users] Capture Files

Ethereal-users: Re: [Ethereal-users] Capture Files

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>

Date: Thu, 24 Apr 2003 10:58:28 -0700

On Thu, Apr 24, 2003 at 10:05:20AM +0200, Eberhard Stollsteimer wrote:
> what are capture files in a format Ethereal understands ?

The current version of Ethereal (0.9.11) reads files in the formats
listed in this item:

	http://www.ethereal.com/faq.html#q1.5

> Which path do I have to set in the field 'Capture File' ?

If by "the field 'Capture File'" you mean the "File:" filed in the
"Capture file(s)" section of the "Capture Options" dialog box that pops
up when you select "Start" from the "Capture" menu - as I infer might be
the case given that you said

> I have already installed WinPcap 3.0 .

which is relevant only if you plan to capture packets - you don't have
to put *anything* in that field.  By default, Ethereal writes captured
packets to a temporary file, and you can save the capture to another
file after the capture is complete; if you want it to save the captured
packets, as it captures them, to a non-temporary file, you'd put the
pathname of that file in that field.

The files to which Ethereal saves packets as it's capturing them are in
libpcap format, which is also the format used by tcpdump/WinDump.

References:
- [Ethereal-users] Capture Files
  - From: Eberhard Stollsteimer

Prev by Date: RE: [Ethereal-users] WEP ICV (integrity check value)
Next by Date: Re: [Ethereal-users] ethereal does not recognize my interface
Previous by thread: [Ethereal-users] Capture Files
Next by thread: [Ethereal-users] PDF User Guide for 0.8.19 on Ethereal website
Index(es):
- Date
- Thread