[Guy Harris <guy@xxxxxxxxxx>]

> Yes. I want to capture mostly the data portion of the delivery.  I have been
> able to do this with Ethereal from the window however its to evident for my
> purposes.

"Evident" in what sense?

> I want to create a utility that will capture for example the
> total communications between MSN clients or AIM clients for example.  I know
> I can do it as I have a very powerful parsing language.  My next questions
> is - does Tethereal capture to standard ascii based file formats?

What "standard ascii based file formats" are you thinking of?

Tethereal can be thought of as a command-line version of Ethereal, in
that it uses the same *binary* format for saving captures (libpcap
format) that Ethereal does.

Ethereal can print a textual dissection of a capture to a file, using
the "File->Print" menu item.  If you run Tethereal without the "-w"
flag, it prints, to its standard output, the same sort of stuff that
Ethereal would print to a file using "File->Print" (because the
dissectors in Ethereal and Tethereal are the same).

> Also, is
> there a mechanism for restarting the capture process from the command line
> or does that mean to restart the whole application again.

What do you mean by "restarting the capture process"?  If you're
capturing traffic to a file, the application *is* the capture process,
so the way you restart the capture process *is* by restarting the
application.