On Jan 8, 2004, at 1:01 PM, Sanderson, George W wrote:
> I am ignorant of the NetXRay history. I thought that NetXRay was the
> prior Sniffer product, and that the *.cap files included different
> version numbers that covered the different *.cap file formats. I also
> thought that the imbedded version number allowed the correct wiretap
> processing to open, read, write, and close *.cap files. Perhaps
> someone could point me to a reference (URL) that describes the *.cap
> Sniffer history.

I don't know of any such URL.

However:

Network General's Sniffer software originally ran on top of DOS. It
had a capture file format that they published (in part), and that
Ethereal (and some other network analyzers) can read.

NetXRay was originally a network analyzer program, running on 32-bit
Windows, from a company called Cinco Networks. Cinco Networks were
bought by Network General (who later merged with McAfee Associates to
form McAfee General - err, sorry, that should be "to form Network
Associates"); I suspect the Cinco people were involved in the
development of the Windows version of the Sniffer software.

The Windows version of the Sniffer software uses a format derived from
that of NetXRay, although there are differences between them.

Ethereal's Wiretap library includes a file to read NetXRay and Windows
Sniffer captures.

> It would be nice if there was an Ethereal API library, like winpcap
> and packet for pcap. That way versioning could be handled easier.

It probably would. Perhaps somebody will do that someday. If they
did, there would probably be separate libraries for reading capture
files and for doing dissection.