Ethereal-dev: Re: [Ethereal-dev] Default file extension for captures?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>
Date: Wed, 31 Jan 2001 14:00:51 -0800 (PST)

> Has there ever been any discussion about adopting a default file
> extension for captures saved in Ethereal?  I typically save my capture files
> with the .dmp file extension, but given the current mechanism for
> opening capture files, there is no way to filter directories on a file
> extension.

I personally use ".pcap" for libpcap files and ".snoop" for snoop files;
note that there isn't *a* file extension to be used, as Ethereal can
read a variety of file types, including file types from various Windows
sniffer programs, e.g. Sniffers with ".enc" or ".trc" or..., and Network
Monitor files with ".cap".

> Along the same lines, what is the purpose of the "Filter" button on the
> "Open Capture File" dialog?  I am confused by the behaviour.

It's for using a "read filter" when reading a capture file; a "read
filter" is a display filter expression - if a "read filter" is used in
Ethereal or Tethereal when reading a capture, only packets that match
the filter are seen, others are discarded when reading.