Ethereal-users: RE: [Ethereal-users] file types for tethereal

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Flowers, Jay" <Jay_Flowers@xxxxxxxxxx>
Date: Mon, 26 Nov 2001 17:15:31 -0500
True, the words to my question ask just that and no more. However poor my
wording, David saw through and answered the root question.

Now that that is all over (thanks again for the help, all).  Anyone have any
idea what happened to my install of ethereal?  I have uninstalled and
reinstalled.  Still I get:

tethereal: Unable to parse filter string (illegal char 'û').

as a response to any use of tethereal.



C:\Program Files\Ethereal>tethereal -v
tethereal: Unable to parse filter string (illegal char 'û').

C:\Program Files\Ethereal>tethereal -h
tethereal: Unable to parse filter string (illegal char 'û').

C:\Program Files\Ethereal>tethereal -F ngsniffer -r c:\temp\capture1.acp -w c:\temp\capture1.snf
tethereal: Unable to parse filter string (illegal char 'û').



Jay Flowers
Integic Health Care


-----Original Message-----
From: Guy Harris [mailto:guy@xxxxxxxxxx] 
Sent: Monday, November 26, 2001 5:08 PM
To: David Kuder
Cc: 'Flowers, Jay'; ethereal-users@xxxxxxxxxxxx
Subject: Re: [Ethereal-users] file types for tethereal

> I believe Jay was quoting a paragraph from
> http://www.ethereal.com/tethereal.1.html where
> there are a set of bolded words like "Toshiba's"
> and "RADCOM's".

No, he's not.  He's quoting

	When writing packets to a file, Tethereal, by default, writes
	the file in libpcap format, and writes all of the packets it
	sees to the output file.  The -F flag can be used to specify the
	format in which to write the file; it can write the file in
	libpcap format (standard libpcap format, a modified format used
	by some patched versions of libpcap, or the format used by Red
	Hat Linux 6.1), snoop format, uncompressed Sniffer format,
	Microsoft Network Monitor 1.x format, and the format used by
	Windows-based versions of the Sniffer software.

which says nothing about "Toshiba" or "RADCOM" (because we *don't write
those formats*).

> I believe Jay's root question (which I have had
> also) is:
> 	What are the acceptable values for the "-F"
> 	flag and what do they map to?

I.e., the question that's answered by doing

{hostname}$ tethereal -h
This is GNU tethereal 0.8.20, compiled with GLib 1.2.8, with libpcap
    0.4, with libz 1.1.3, without SNMP
tethereal [ -DvVhlp ] [ -c <count> ] [ -f <capture filter> ]
        [ -F <capture file type> ] [ -i <interface> ] [ -n ] [ -N <resolving> ]
        [ -o <preference setting> ] ... [ -r <infile> ] [ -R <read filter> ]
        [ -s <snaplen> ] [ -t <time stamp format> ] [ -w <savefile> ] [ -x ]
Valid file type arguments to the "-F" flag:
        libpcap - libpcap (tcpdump, Ethereal, etc.)
        rh6_1libpcap - Red Hat Linux 6.1 libpcap (tcpdump)
        suse6_3libpcap - SuSE Linux 6.3 libpcap (tcpdump)
        modlibpcap - modified libpcap (tcpdump)
        nokialibpcap - Nokia libpcap (tcpdump)
        ngsniffer - Network Associates Sniffer (DOS-based)
        snoop - Sun snoop
        netmon1 - Microsoft Network Monitor 1.x
        netmon2 - Microsoft Network Monitor 2.x
        ngwsniffer_1_1 - Network Associates Sniffer (Windows-based) 1.1
        default is libpcap

That is, of course, a completely different question from

	I would like to export the file to one that is readable by
	Optimal; what value should I use for -F?

as that latter question depends at least as much on what this "Optimal"
program (whatever it is) can read as on what Ethereal can write; the
answer to the latter question may be "there is no such value", if the
"Optimal" program can't read libpcap, snoop, DOS-based Sniffer, Network
Monitor, or Windows-based Sniffer files.