>besides this, there is also packetboy at www.ndgsoftware.com
I downloaded the demo of this out of curiosity, it appears to prefer Sniffer
version 4 files (.ENC files) which Ethereal already supports. .ENC is the
default extension in both loading and saving files. Interestingly enough,
it does know how to read the infamous "compressed" Sniffer files, but when
it writes them it writes uncompressed.
It also supports a save as to a text format, which is not too useful because
it is just the packet breakdown with no raw (hex) data.
Plus it also saves to a "RAW" packet format, but this isn't too useful
either. Not even sure why it is there. It writes all the packets, one
after the other, into a binary file. I'm not sure what you could even do
with such a file.
On a related note, has anyone ever looked at reverse engineering the
compressed Sniffer file format? I've been thinking about doing it since I
keep running into these files, but I don't want to duplicate effort.
=====================================
Tim Farley
Software Engineer
tfarley@xxxxxxx
Internet Security Systems, Inc.
(678) 443-6000 / Direct Dial (678) 443-6189 / fax (678) 443-6479
http://www.iss.net
Adaptive Network Security for the Enterprise
=====================================
