Ethereal-users: Re: [ethereal-users] Read/export capture files with tethereal?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Guy Harris <guy@xxxxxxxxxx>
Date: Wed, 27 Sep 2000 15:28:17 -0700 (PDT)
> Is it possible to read in and then export a tcpdump capture
> file from the command-line using tethereal?
> 
> What I want to do is to read in a file that was captured
> with the tcpdump which is installed by default on Redhat 6.1,
> and then export the capture file to a format which can
> be read by the tcpdump from LBL.  (We have some reporting tools
> which use the "standard" libpcap for parsing tcpdump trace files).

That's certainly doable - Tethereal can read any capture file format
that Ethereal can read, and Ethereal can read RH 6.1 capture files
(assuming that its heuristics to discover that it's an RH 6.1 capture
file can work on that particular file), but, whilst Tethereal *could* do
that:

	tethereal -r <RH 6.1 file> -F libpcap -w <standard tcpdump file>

it's not the only tool that can do that - editcap, which also comes with
the Ethereal package, can also do it

	editcap -F libpcap <RH 6.1 file> <standard tcpdump file>

and it does less work than does Tethereal so it may be a better choice.