On Fri, May 28, 2004 at 11:38:08AM +0200, RABRET Laurent FTRD/DAC/ISS wrote:
> I'll have to pick up standard extensions associated with all the formats
> Ethereal is able to deal with. If some of you guys already have some
> knowledge regarding this, thanks in advance for your help.
>
> PCAP .cap, .acp, .pcap
> LANALYZER ?
This is a bit tricky:
http://secinf.net/info/nw/lan/trace.tx
"The packets collected by LANalyzer may be stored in binary form in
trace files. This appendix describes the naming conventions used for
these files and explains how to interpret their contents.
Filename Conventions
LANalyzer trace files are split into subfiles. A trace file can contain
up to 35 subfiles. The filename convention for the trace subfiles is
the same: you provide the main filename and the LANalyzer software
provides the extension. For trace files the extension is TRn. n
indicates the subfile within the file; n has a range of 1 to 9 and then
A to Z, for a total of 35 subfiles.
A trace subfile can contain as many as 32,000 Kbytes. This means that
if several large files are to be used, multiple drives may be required."
Ethereal currently doesn't know that if asked to open a ".tr1" file, it
should look for ".tr2", ".tr3", ..., ".tr9", ".tra", ".trb", etc. and
combine them, so we only would use ".tr1". Even if we add that
capability in the future, I think we'd only register for ".tr1" -
Wiretap would automatically try the others.
> NG SNIFFER ?
The DOS-based Sniffer used:
    .enc    Ethernet capture
    .trc    Token Ring capture
    .fdc    FDDI capture
    .syc    WAN capture ("SYnchronous", although I think it's used
            for async as well)
    .atc    ATM capture
The Windows-based Sniffer uses ".cap" and ".caz".
> SNOOP .snoop
Snoop itself doesn't have that convention (it's a UNIX program, and UNIX
programs often don't have suffixes for their files), but some people use
it.
> SHOMITI ?
".cap", according to the list of file types supported by ProConvert:
http://www.wildpackets.com/products/proconvert/files
> IPTRACE ?
Again, another UNIX program; the AIX man page uses ".trace" in the
examples it gives.
> NETMON ?
".cap"
> NETXRAY ?
Probably ".cap" - that's what the Windows-based Sniffer uses, and that's
a descendant of NetXRay.
> ASCEND ?
That's just a text file; it's up to the user, or whatever application
they use to capture the text from the ISDN modem, to give it a suffix -
".txt" is probably a bad choice, however. :-)
> NETTL ?
There doesn't seem to be a standard one (again, UNIX).
> TOSHIBA ?
Text, like the Ascend files.
> ETHERPEEK ?
".pkt" and ".wpz".
> VMS ?
> ETHERWATCH ?
Again, text.
> VISUAL_NETWORKS ?
It *might* be ".cap".
> COSINE ?
Text.
> 5VIEWS ?
".5vw", it appears.
> ERF ?
I'm not sure whether it's ".erf" or if that's just the suffix I gave the
files.
> AIROPEEK ?
".apc" and ".wpz".
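
The LANalyzer subfile convention quoted above (TR1 to TR9, then TRA to TRZ, 35 subfiles in all), as an added example that is not part of the original message and is not Ethereal or Wiretap code. The function names are hypothetical, and stopping at the first missing subfile is an assumption about how a reader would combine them.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define LANALYZER_MAX_SUBFILES 35   /* TR1..TR9, then TRA..TRZ */

/* Extension character for subfile 1..35, or 0 if out of range. */
static char subfile_char(int index)
{
    if (index >= 1 && index <= 9) return (char)('0' + index);
    if (index >= 10 && index <= LANALYZER_MAX_SUBFILES) return (char)('A' + index - 10);
    return 0;
}

/* Build the name of subfile `index` from any "name.TRn" path, keeping the
 * case of the original extension. Returns 0 on success, -1 on bad input. */
int lanalyzer_subfile_name(const char *path, int index, char *out, size_t outlen)
{
    size_t len = strlen(path);
    char c = subfile_char(index);
    if (len < 5 || c == 0 || len + 1 > outlen) return -1;
    const char *ext = path + len - 4;
    int n = toupper((unsigned char)ext[3]);
    if (ext[0] != '.' || toupper((unsigned char)ext[1]) != 'T' ||
        toupper((unsigned char)ext[2]) != 'R' ||
        !((n >= '1' && n <= '9') || (n >= 'A' && n <= 'Z'))) return -1;
    memcpy(out, path, len + 1);
    if (islower((unsigned char)ext[2])) c = (char)tolower((unsigned char)c);
    out[len - 1] = c;
    return 0;
}

/* Count consecutive subfiles on disk starting at TR1 (assumption: the
 * sequence ends at the first name that cannot be opened). */
int lanalyzer_count_subfiles(const char *first)
{
    char name[4096];
    int found = 0;
    for (int i = 1; i <= LANALYZER_MAX_SUBFILES; i++) {
        FILE *f;
        if (lanalyzer_subfile_name(first, i, name, sizeof name) != 0) break;
        if ((f = fopen(name, "rb")) == NULL) break;
        fclose(f);
        found++;
    }
    return found;
}
```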