Wireshark · Ethereal-users: Re: [Ethereal-users] saving ethereal results as a text file

Ethereal-users: Re: [Ethereal-users] saving ethereal results as a text file

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>

Date: Tue, 24 Jan 2006 03:16:41 -0800

chedly ghedira wrote:

i want to analyse ethereal files by writing a script, but i noticed thatonly ethereal can open the file.

Actually, the file format Ethereal captures in, by default, is libpcapformat, which can also be read by Tethereal (not a surprise, as it usesthe same code), tcpdump, and various other programs that can readlibpcap files. Perl has a Net::Pcap package in CPAN that can readlibpcap files; other scripting languages might have libpcap support as well.

However, what you get when you read that file is raw packet data. Youhave to parse all the packet data yourself.

How can i save the result as a file text,


File -> Export -> as Plain Text file.

That'll write out the summary list of packets, or the detaileddissection of all packets.


There's also

File->Export->as "CSV"
File->Export->XML - "PSML"
File->Export->XML - "PDML"

which might be better formats for a script to process.

Follow-Ups:
- Re: [Ethereal-users] saving ethereal results as a text file
  - From: chedly ghedira

References:
- [Ethereal-users] saving ethereal results as a text file
  - From: chedly ghedira

Prev by Date: Re: [Ethereal-users] saving ethereal results as a text file
Next by Date: Re: [Ethereal-users] saving ethereal results as a text file
Previous by thread: Re: [Ethereal-users] saving ethereal results as a text file
Next by thread: Re: [Ethereal-users] saving ethereal results as a text file
Index(es):
- Date
- Thread