Ethereal-users: Re: [Ethereal-users] TCPdump format

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Fri, 11 Jul 2003 11:56:55 -0700

On Friday, July 11, 2003, at 11:30 AM, Niels Steenberg wrote:
I am trying to write an application to post process the data captured by 
Ethereal in the TCPDUMP format, but I need a specification of the file
format. Where can I dinf it in order to read the file with my application?
If you write your application to use the libpcap library to read the capture file (which is what tcpdump uses), you can read the data *without* a specification of the file format (a file format that, at some point, may change to add new capabilities - updated versions of libpcap will read the old and new formats, so all you'd have to do to handle the new format would be to relink if your application is statically linked with libpcap or install a new library if it's dynamically linked with libpcap).