Elizabeth,
I like to use the
Print to file function, you can make it expand all protocols and include the
HEX. Then you can post process the file with anything you
want.
This make it nice
because you can override certain decodes. Ex: When WebLogic is passing
HTTP traffic on port 23001 instead of port 80. Then I can tell Ethereal
to decode it as HTTP and see the decoded information in the Print file.
It makes it much easier for me to process when I let Ethereal do the decode
work.
Also, if
there is special details in the data portion of the packet, I can process the
HEX dump to find what I need.
Hope the
helps,
David
David
DuPre'
Executive Performance
Engineering Consultant
HyPerformix Inc.
Website: www.hyperformix.com
From:
ethereal-users-bounces@xxxxxxxxxxxx
[mailto:ethereal-users-bounces@xxxxxxxxxxxx] On Behalf Of Elizabeth Van
Nostrand
Sent: Thursday, July
21, 2005 10:37 AM
To:
ethereal-users@xxxxxxxxxxxx
Subject: [Ethereal-users] ethereal output
format
I'm writing a program to take
capture files, filter out the packets specific to a particular program, and
display them for the user. It's designed for debugging. This would
be a lot easier if I knew the format of ethereal capture files, but I haven't
had any luck finding the specifications. Does anyone know where to find
a detailed description of the output format? Any format would do, but
I'd prefer libpcap if possible. Thanks,
-Elizabeth Van
Nostrand
