Elizabeth,

I like to use the Print to file function; you can make it expand all protocols and include the HEX. Then you can post process the file with anything you want.

This makes it nice because you can override certain decodes. Ex: When WebLogic is passing HTTP traffic on port 23001 instead of port 80. Then I can tell Ethereal to decode it as HTTP and see the decoded information in the Print file. It makes it much easier for me to process when I let Ethereal do the decode work.

Also, if there are special details in the data portion of the packet, I can process the HEX dump to find what I need.

Hope this helps,
David

David DuPre'
Executive Performance Engineering Consultant
HyPerformix Inc.
Website: www.hyperformix.com

From: ethereal-users-bounces@xxxxxxxxxxxx [mailto:ethereal-users-bounces@xxxxxxxxxxxx] On Behalf Of Elizabeth Van Nostrand
Sent: Thursday, July 21, 2005 10:37 AM
To: ethereal-users@xxxxxxxxxxxx
Subject: [Ethereal-users] ethereal output format

I'm writing a program to take capture files, filter out
the packets specific to a particular program, and display them for the user. It's
designed for debugging. This would be a lot easier if I knew the format
of ethereal capture files, but I haven't had any luck finding the
specifications. Does anyone know where to find a detailed description of
the output format? Any format would do, but I'd prefer libpcap if
possible.

Thanks,
-Elizabeth Van Nostrand
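
The post-processing step described in the reply above, as an added example that is not part of either message or of Ethereal itself: it rebuilds each frame's bytes from the hex dump in a print file and pulls out the TCP payload of traffic on port 23001. The hex-line layout, the sample text and all function names are assumptions made for this illustration.

```python
import re

# Constructed sample. Assumed layout: each frame's decode text, then hex
# lines of "4-digit offset, two spaces, up to 16 hex bytes, ASCII column".
SAMPLE = '''\
Frame 1 (73 bytes on wire, 73 bytes captured)
0000  00 11 22 33 44 55 66 77 88 99 aa bb 08 00 45 00   .."3DUfw......E.
0010  00 3b 00 01 40 00 40 06 00 00 0a 00 00 01 0a 00   .;..@.@.........
0020  00 02 c0 00 59 d9 00 00 00 01 00 00 00 01 50 18   ....Y.........P.
0030  ff ff 00 00 00 00 47 45 54 20 2f 61 70 70 20 48   ......GET /app H
0040  54 54 50 2f 31 2e 31 0d 0a                        TTP/1.1..
Frame 2 (54 bytes on wire, 54 bytes captured)
0000  00 11 22 33 44 55 66 77 88 99 aa bb 08 00 45 00   .."3DUfw......E.
0010  00 28 00 02 40 00 40 06 00 00 0a 00 00 01 0a 00   .(..@.@.........
0020  00 02 c0 01 00 50 00 00 00 01 00 00 00 00 50 02   .....P........P.
0030  ff ff 00 00 00 00                                 ......
'''

HEX_LINE = re.compile(r"^([0-9a-f]{4})  ((?:[0-9a-f]{2} ?){1,16})")

def packets_from_print_file(text):
    """Rebuild each frame's raw bytes from its hex dump lines."""
    packets = []
    for line in text.splitlines():
        m = HEX_LINE.match(line)
        if not m:
            continue  # decode text or blank line
        offset, data = int(m.group(1), 16), bytes.fromhex(m.group(2))
        if offset == 0:
            packets.append(bytearray())  # offset 0 starts a new frame
        if not packets or offset != len(packets[-1]):
            raise ValueError(f"hex dump out of sequence at {offset:04x}")
        packets[-1] += data
    return [bytes(p) for p in packets]

def tcp_payload(pkt):
    """Return (dst_port, payload) for Ethernet/IPv4/TCP frames, else None."""
    if len(pkt) < 54 or pkt[12:14] != b"\x08\x00" or pkt[23] != 6:
        return None
    tcp = 14 + (pkt[14] & 0x0F) * 4  # Ethernet header + IPv4 header length
    if len(pkt) < tcp + 20:
        return None
    total_len = int.from_bytes(pkt[16:18], "big")  # IPv4 total length
    dst_port = int.from_bytes(pkt[tcp + 2:tcp + 4], "big")
    start = tcp + (pkt[tcp + 12] >> 4) * 4  # skip TCP header and options
    return dst_port, pkt[start:14 + total_len]

def payloads_on_port(text, port):
    hits = (tcp_payload(p) for p in packets_from_print_file(text))
    return [h[1] for h in hits if h and h[0] == port]
```

Calling `payloads_on_port(SAMPLE, 23001)` returns the HTTP request bytes carried on the non-standard port, ready for whatever search the data portion needs.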