Ethereal-users: Re: [Ethereal-users] file types for tethereal

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>
Date: Mon, 26 Nov 2001 14:07:49 -0800 (PST)

> I believe Jay was quoting a paragraph from
> http://www.ethereal.com/tethereal.1.html where
> there are a set of bolded words like "Toshiba's"
> and "RADCOM's".

No, he's not.  He's quoting

	When writing packets to a file, Tethereal, by default, writes
	the file in libpcap format, and writes all of the packets it
	sees to the output file.  The -F flag can be used to specify the
	format in which to write the file; it can write the file in
	libpcap format (standard libpcap format, a modified format used
	by some patched versions of libpcap, or the format used by Red
	Hat Linux 6.1), snoop format, uncompressed Sniffer format,
	Microsoft Network Monitor 1.x format, and the format used by
	Windows-based versions of the Sniffer software.

which says nothing about "Toshiba" or "RADCOM" (because we *don't write
those formats*).

> I believe Jay's root question (which I have had
> also) is:
> 	What are the acceptable values for the "-F"
> 	flag and what do they map to?

I.e., the question that's answered by doing

{hostname}$ tethereal -h
This is GNU tethereal 0.8.20, compiled with GLib 1.2.8, with libpcap
    0.4, with libz 1.1.3, without SNMP
tethereal [ -DvVhlp ] [ -c <count> ] [ -f <capture filter> ]
        [ -F <capture file type> ] [ -i <interface> ] [ -n ] [ -N <resolving> ]
        [ -o <preference setting> ] ... [ -r <infile> ] [ -R <read filter> ]
        [ -s <snaplen> ] [ -t <time stamp format> ] [ -w <savefile> ] [ -x ]
Valid file type arguments to the "-F" flag:
        libpcap - libpcap (tcpdump, Ethereal, etc.)
        rh6_1libpcap - Red Hat Linux 6.1 libpcap (tcpdump)
        suse6_3libpcap - SuSE Linux 6.3 libpcap (tcpdump)
        modlibpcap - modified libpcap (tcpdump)
        nokialibpcap - Nokia libpcap (tcpdump)
        ngsniffer - Network Associates Sniffer (DOS-based)
        snoop - Sun snoop
        netmon1 - Microsoft Network Monitor 1.x
        netmon2 - Microsoft Network Monitor 2.x
        ngwsniffer_1_1 - Network Associates Sniffer (Windows-based) 1.1
        default is libpcap

That is, of course, a completely different question from

	I would like to export the file to one that is readable by
	Optimal; what value should I use for -F?

as that latter question depends at least as much on what this "Optimal"
program (whatever it is) can read as on what Ethereal can write; the
answer to the latter question may be "there is no such value", if the
"Optimal" program can't read libpcap, snoop, DOS-based Sniffer, Network
Monitor, or Windows-based Sniffer files.