Ethereal-users: RE: [Ethereal-users] Quick Question for you.

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "McNutt, Justin M." <McNuttJ@xxxxxxxxxxxx>
Date: Wed, 17 Jan 2001 22:13:17 -0600
Hrm...

Let me look into this a little more, but I was successful in getting the
latest version of Sniffer Pro to read files written by ethereal when saved
in the Sniffer for Windows format, PROVIDED that I named the file with a
.cap extension.  Any other extension and Sniffer got confused.

Let me rerun the experiment, and verify exactly which version of Sniffer Pro
we used for that test.

--J

> -----Original Message-----
> From: Shawn Sterling [mailto:shawn.sterling@xxxxxxx]
> Sent: Wednesday, January 17, 2001 5:42 PM
> To: 'Guy Harris'; Internet Security
> Cc: 'ethereal-users@xxxxxxxxxxxx'
> Subject: RE: [Ethereal-users] Quick Question for you.
> 
> > > Is there a way to capture data using tethereal with Network Associates
> > > Windows Based 2.00x format?
> > 
> > Presumably you ultimately mean "is there any way to *write* capture
> > files that can be read by Sniffers?"
> 
> 	Yes. Particularly I want to write a file with tethereal that will
> be readable with NAI's Sniffer Pro 4.0+. Ethereal can read Sniffer
> Pro's format, so I thought there might be a sneaky way to also write it.
>  
> > If the files it currently writes aren't readable by Sniffers, the only
> > way to do so would be to debug the current code into working.
> > 
> > This would require somebody who has Sniffers to spend time with the
> > code, comparing files that work with the files written by Ethereal, and
> > trying various things until they get something that the Sniffers *can*
> > read.
> 
> 	Well, the current version of ethereal can read the Sniffer Pro
> format (which seems to be netxray in disguise), so I was thinking that
> if there was already a way to read it there must be some way to write it,
> but as you have pointed out this may not be the case at all.
>  
> > If there is any *complete* documentation on the file formats (sufficient
> > to allow the files to be written; some Sniffers had some documentation
> > on the file format, but it didn't describe the format of all the
> > records, and that wasn't even enough to allow us to write all the code
> > to *read* those files - we had to do some stuff by experimentation),
> > that would help.
> 
> 	I don't think there was ever any documentation written ;) It's amazing
> what the ethereal people have accomplished.
>  
> > NOTE: I don't have any Sniffers handy, so I can't be that somebody (not
> > that I have the time to work on that in any case).
> 
> 	Thanks for the prompt reply. 