> > okay. I'm using Sniffer Pro, version 4.0.12 . (I think it
> is near the
> > latest version, at least it better be, I just bought it).
> > Within Sniffer pro when you open a file, you can choose the
> file type
> > and the types are:
> > Sniffer Files (cap,caz,enc,trc,fdc,tr1)
> > Sniffer WAN Files (cap,caz,syc,hic)
> > Sniffer ATM Files (cap,caz,atc)
> > History Files (hst)
> > All Files
> >
> > So after trying several different extensions I found that using
> > ngsniffer, and renaming the extension to .ENC, everything seems to
> > work just fine.
>
> What was the old extension?
The extension I was trying in the first place was .CAP, that is
what Sniffer Pro saves it's capture data, so when I grabbed files with
tethereal I used no extensions at first, then tried all the available
ones.
> Just out of curiosity, did you try the "All Files" option before
> renaming the extension, and was it willing to read the file there even
> though it didn't have the right extension?
I did try All files, but that didn't work either. In fact, when I
tried the .CAZ extension Sniffer Pro caused a GPF and rebooted my
computer. I think those Nai boys have some serious work to do in their
file loading code. :)
Just as a general comment, Ethereal identifies way more traffic then
Sniffer Pro, I find Ethereal to be a much better tool for analyzing sniffer
data then the $10,000 dollar (Canadian) copy of Sniffer Pro I have. Great
Work.