Ethereal-users: Re: [Ethereal-users] Opening an Ethereal file

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>
Date: Tue, 14 Dec 2004 02:12:07 -0800
Mina sina wrote:
 >By "all the info" do you mean all the information in the summary pane
 >(packet number, source address, destination address, time stamp,
 >protocol, etc.), or do you mean all the information in the detail pane
 >for every packet?
 >If it's the detail pane, I'm not sure what a tabular form for that would
 >be, as, for example, you might have more than one instance of the same
 >field.
I mean both. The summary pane with all information AND then the details of each packet as well. Yes, you are right, we can have an occurrence of the same field more than once in the same frame, e.g. an occurrence of TCP more than one time within the same frame, etc.

There isn't any way to get Tethereal to generate that in tabular form.

Do you really need *all* the fields in the detail? If you only need specific fields, there's a way to get that in tabular form.

 >If it's the summary pane, you could use Tethereal to read the file and
 >write it out as text, which will show the columns.
I don't know how to start using Tethereal. I am using Windows 2000.

Ethereal's probably installed in "C:\Program Files\Ethereal" (or in whatever "Program Files" is translated to in Finnish, if Ethereal localizes that directory). There should be an "ethereal.exe" file which is the program file for Ethereal; there should also be a "tethereal.exe" - if you set your path to include that directory, then, in a command prompt window, you should be able to run Tethereal with the command "tethereal".

To read a particular file, run

	tethereal -r input_file >output_file.txt

which will read the file named "input_file" and write the summary line information to the file "output_file.txt". Other command line options can be specified to change the format of "output_file.txt", for example to write out the packet details rather than the packet summary (but that will *not* be easy to parse).
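
Added example, not part of the original message: a Python sketch that turns the summary text written by "tethereal -r input_file >output_file.txt" into CSV. It assumes the default summary columns (number, time, source "->" destination, protocol, info); the sample lines and the names `parse_summary` and `to_csv` are constructed for illustration.

```python
import csv
import io
import re

# Assumed default summary layout: No. Time Source -> Destination Protocol Info
SUMMARY_RE = re.compile(
    r"^\s*(?P<no>\d+)\s+(?P<time>\d+\.\d+)\s+(?P<src>\S+)\s+->\s+"
    r"(?P<dst>\S+)\s+(?P<proto>\S+)\s*(?P<info>.*)$"
)
FIELDS = ["no", "time", "src", "dst", "proto", "info"]

# Constructed sample of summary output (documentation addresses, not real traffic).
SAMPLE = """\
  1   0.000000 192.168.0.10 -> 192.168.0.1  DNS Standard query A www.example.com
  2   0.012345 192.168.0.1 -> 192.168.0.10 DNS Standard query response A 192.0.2.7
  3   0.020100 192.168.0.10 -> 192.0.2.7    TCP 1044 > 80 [SYN] Seq=0 Win=16384 Len=0
this line is not a packet summary
"""


def parse_summary(text):
    """Return (rows, skipped): parsed packets and lines that did not match."""
    rows, skipped = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        match = SUMMARY_RE.match(line)
        if match:
            row = match.groupdict()
            row["info"] = row["info"].strip()
            rows.append(row)
        else:
            # Keep unmatched lines so a changed column layout is noticed.
            skipped.append(line)
    return rows, skipped


def to_csv(rows):
    """Render parsed rows as CSV text; the csv module quotes commas in Info."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


if __name__ == "__main__":
    packets, unparsed = parse_summary(SAMPLE)
    print(to_csv(packets), end="")
    print(f"{len(unparsed)} line(s) skipped")
```

To use it on a real file, pass the contents of "output_file.txt" to `parse_summary` instead of `SAMPLE`; if the columns were customized, the regular expression has to be adjusted to match.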