Ethereal-dev: Re: [Ethereal-dev] (no subject)

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>
Date: Fri, 14 Jun 2002 09:53:53 -0700
("ethereal-cvs" is not a list to which questions such as these should be
sent; it's for automatically-sent messages for checkins to the Ethereal
source code base.  "ethereal-dev" is the right list.)

On Fri, Jun 14, 2002 at 11:12:29AM +0100, Z.Qili@xxxxxxxxxxxxx wrote:
> I hope to extract time and length of packets from Ethereal (captured
> packets) files, who could help me with the file format?

The "native" capture file format for Ethereal is libpcap format, also
used by tcpdump.

This means that the libpcap/WinPcap library can read them; see the man
page for libpcap ("man pcap" on a UNIX system, or

	http://winpcap.polito.it/docs/pcapman.htm

for WinPcap).

(If you've captured packets with Ethereal, you at least have a binary
package of libpcap/WinPcap installed on the machine on which you run
Ethereal.  You may also have to install a developer's platform of
libpcap in order to write your own program to do so.)

There's also a Perl package Net::Pcap, or something such as that,
letting you write Perl programs to read libpcap files; see the CPAN site
if you want to do that.
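
As an added example (not part of the original message, and not Ethereal or libpcap code), the Python sketch below reads the classic libpcap file layout directly instead of going through the library, and yields each packet's timestamp, captured length and on-the-wire length. The function names, the `MAX_RECORD` sanity cap and the two-packet sample capture are assumptions constructed for illustration.

```python
import io
import struct

MAGICS = {  # magic as stored in the file -> (byte order, timestamp divisor)
    b"\xd4\xc3\xb2\xa1": ("<", 1_000_000),      # little-endian, microseconds
    b"\xa1\xb2\xc3\xd4": (">", 1_000_000),      # big-endian, microseconds
    b"\x4d\x3c\xb2\xa1": ("<", 1_000_000_000),  # little-endian, nanoseconds
    b"\xa1\xb2\x3c\x4d": (">", 1_000_000_000),  # big-endian, nanoseconds
}
MAX_RECORD = 262144  # assumed sanity cap on a record's stored length


def read_packets(stream):
    """Yield (timestamp_seconds, captured_len, original_len) per packet."""
    header = stream.read(24)
    if len(header) < 24 or header[:4] not in MAGICS:
        raise ValueError("not a libpcap capture file")
    order, divisor = MAGICS[header[:4]]
    # version major/minor, thiszone, sigfigs, snaplen, link-layer type
    _major, _minor, _zone, _sigfigs, _snaplen, _linktype = struct.unpack(
        order + "HHiIII", header[4:])
    while True:
        rec = stream.read(16)
        if not rec:
            return  # clean end of file
        if len(rec) < 16:
            raise ValueError("truncated record header")
        sec, frac, caplen, origlen = struct.unpack(order + "IIII", rec)
        # Never trust a length field from the file: bound it before reading.
        if caplen > MAX_RECORD:
            raise ValueError(f"implausible captured length {caplen}")
        if len(stream.read(caplen)) < caplen:
            raise ValueError("truncated packet data")
        yield sec + frac / divisor, caplen, origlen


def build_sample():
    """Constructed two-packet little-endian capture (not real traffic)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    out += struct.pack("<IIII", 1024073633, 500000, 4, 60) + b"\x00" * 4
    out += struct.pack("<IIII", 1024073634, 250000, 6, 6) + b"\x01" * 6
    return out


if __name__ == "__main__":
    for ts, caplen, origlen in read_packets(io.BytesIO(build_sample())):
        print(f"{ts:.6f} captured={caplen} on-wire={origlen}")
```

The captured length can be smaller than the on-the-wire length when the capture was taken with a snapshot length, so traffic-volume statistics should use the third field.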