Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: Re: [Wireshark-users] file format question

From: Bill Meier <wmeier@xxxxxxxxxxx>
Date: Mon, 22 Aug 2011 16:24:41 -0400
On 8/22/2011 4:08 PM, J�nos L�bb wrote:
Hi,

I do this on an Ubuntu 10.04 server:

root@doppio:~# tcpdump -c1000 net xxx.yy.zz.0/24>  /tmp/tcpdump.pcap
tcpdump: verbose output suppressed, use -v or -vv for full protocol
decode listening on eth0, link-type EN10MB (Ethernet), capture size
96 bytes 1000 packets captured 1058 packets received by filter

Then I copy it down to my Mac where I have wireshark installed.
Version 1.3.4 (SVN Rev 32340 from /trunk)


The usual first question: How did you "copy" the file ?

(The copy must be a "binary" copy).


(An additional note: Wireshark 1.3.4 was a development version of Wireshark from quite some time ago: we're up to SVN #386..
and Wireshark development versions 1.7...).

If possible, I suggest upgrading to a recent 'stable" version (1.6.1)).