Ethereal-users: Re: [Ethereal-users] unsupported Ethernet type 10

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>
Date: Wed, 4 Dec 2002 11:02:49 -0800
On Wed, Dec 04, 2002 at 07:38:26PM +0100, Martin Regner wrote:
>  There are some other ".CAP" file types. One site listed these:  
>         Network Associates Sniffer Capture File

Yes, that's NetXRay format (Network Associates bought Cinco Networks,
the makers of NetXRay, and used a modified version of that format for
the Windows-based version of their Sniffer software; the UI for that
versions might also have been based on NetXRay's).

>         Agilent LAN Analyzer Capture File

Unfortunately, that's not documented anywhere I know of.

>         Fluke Protocol Inspector Capture File

It appears from his mail that they use snoop format (or perhaps some
variant thereof, e.g. Shomiti).

>         Microsoft NetMon Capture File

Yes, Network Monitor uses ".cap" as well.

>         Sun Snoop Capture File

Snoop, however, doesn't use any standard suffix - it's a UNIX
command-line utility, so it doesn't automatically append a suffix;
whatever string you give to the "-o" command-line option is used, even
if it ends in ".txt" or ".doc":

>         TTC FireBerd 500 PC Capture File
>         WWG Domino Capture File        
>         WWG LinkView PRO Capture File

Also not documented, unfortunately.