[Guy Harris <gharris@xxxxxxxxx>]

On Sun, Jan 27, 2002 at 11:11:35PM +0800, darren wrote:
> Is it easy to add a module to save ethereal captured data into a
> customized file format?

You can add new modules to the Wiretap library (in the "wiretap"
subdirectory) to read and write files in a new format.

> I have a program already written years ago that can do some sorting and
> storage of Dumped data, but unfortunately is not very portable in terms
> of file formats and OS. 
> 
> It cannot decode ethereal files, so I will need to either run a proggie
> to do that or make ethereal save file into one that my program can
> understand.

Well, if it's not too hard to modify your program, you might want to
make it read libpcap-format files - that's the native format of Ethereal
*and* tcpdump *and* Analyzer (and, I suspect, some other packet capture
programs for various UNIX-flavored OSes).

But if it would be hard to do that, adding to Wiretap the new file
format would allow not only Ethereal, but also Tethereal and editcap, to
write files in your file format, letting you translate libpcap (and
other format) files into your program's file format.