Ethereal-users: RE: [Ethereal-users] Ethereal with Sniffer PRO

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Sheetz, Vince S" <vince.s.sheetz@xxxxxxxxx>
Date: Thu, 27 Feb 2003 14:51:45 -0800

Hi Guy,

I had tried to save the traces out using the save as option to Sniffer 2
- then when opening the file with Sniffer I received a message of
unknown file format.  Something I am doing wrong?

Thanks!
Vince

-----Original Message-----
From: Guy Harris [mailto:guy@xxxxxxxxxx] 
Sent: Thursday, February 27, 2003 2:48 PM
To: Sheetz, Vince S
Cc: ethereal-users@xxxxxxxxxxxx
Subject: Re: [Ethereal-users] Ethereal with Sniffer PRO


On Thu, Feb 27, 2003 at 01:08:32PM -0800, Sheetz, Vince S wrote:
> How can I use a trace created by Ethereal with NAI Sniffer PRO 4.7?

Only by converting the Ethereal capture to Sniffer format, which means
that...

> I have several Ethereal traces sent to me for evaluation - am familiar
> with Sniffer PRO so would rather work in that environment.

...you *will* need to use at least some of the stuff that comes with an
Ethereal distribution.

You could, for example, use editcap to convert from the standard
Ethereal format (libpcap format) to Sniffer format.  Editcap is a
command-line program that comes with Ethereal - on Windows, its
executable is installed in the same directory as the Ethereal
executable.

You'd run

	editcap -F ngwsniffer_2_0 {name of Ethereal file} {name of Sniffer file}

where "{name of Ethereal file}" is the pathname of the Ethereal file to
be converted and "{name of Sniffer file}" is the pathname you want the
Sniffer file to have (ending in ".cap").

If you don't want to deal with the command line, you could also read the
file in Ethereal and save it in "Network Associates Sniffer
(Windows-based) 2.00x" format (the "2.00x" is a file format version
number, *NOT* a Sniffer program version number - I don't know what
version was the first one to use 2.00x file format, but 4.7 uses it).

If you don't want to deal with any application that has a non-Windows
GUI, you could use Packetyzer:

	http://www.packetyzer.com/

which is a packet analyzer based on much of the Ethereal core, but with
its own Windows GUI - you'd read in the capture and save it in "Network
Associates Sniffer (Windows-based) 2.00x" format - or you could use
WildPackets' non-free ProConvert:

	http://www.wildpackets.com/products/proconvert

which can read libpcap-format files for Ethernet, Token Ring, FDDI, or
802.11, and write Sniffer Pro files in any of those formats.
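
An added example, not part of the original thread or of Ethereal: a small check of which capture format a file really is, useful when Sniffer reports "unknown file format" after a conversion. The function names and sample headers are hypothetical, and it assumes Windows-based Sniffer files begin with the bytes `XCP\0` and DOS-based ones with `TRSNIFF data`.

```python
import struct

# libpcap link-layer types for the media named in the thread.
LINKTYPES = {1: "Ethernet", 6: "Token Ring", 10: "FDDI", 105: "802.11"}

# Assumed leading magic bytes of the two Sniffer file families.
SNIFFER_DOS = b"TRSNIFF data    \x1a"
SNIFFER_WIN = b"XCP\x00"

PCAP_HEADER_LEN = 24  # magic, major, minor, thiszone, sigfigs, snaplen, network


def identify_capture(head: bytes) -> str:
    """Name the capture format from the first bytes of a file."""
    if head.startswith(SNIFFER_WIN):
        return "Sniffer (Windows-based)"
    if head.startswith(SNIFFER_DOS):
        return "Sniffer (DOS-based)"
    if len(head) >= PCAP_HEADER_LEN:
        # The libpcap header is written in the capturing host's byte order,
        # so try both and accept whichever yields the expected magic number.
        for endian in ("<", ">"):
            magic, major, minor, _, _, _, link = struct.unpack(
                endian + "IHHiIII", head[:PCAP_HEADER_LEN])
            if magic == 0xA1B2C3D4:
                medium = LINKTYPES.get(link, "linktype %d" % link)
                return "libpcap %d.%d, %s" % (major, minor, medium)
    return "unknown"


def identify_file(path: str) -> str:
    """Read only the header of a capture file and identify it."""
    with open(path, "rb") as f:
        return identify_capture(f.read(PCAP_HEADER_LEN))


# Constructed sample headers (not taken from real captures).
SAMPLE_PCAP = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
SAMPLE_PCAP_BE_TR = struct.pack(">IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 6)
SAMPLE_SNIFFER_WIN = SNIFFER_WIN + b"\x00" * 20

if __name__ == "__main__":
    for sample in (SAMPLE_PCAP, SAMPLE_PCAP_BE_TR, SAMPLE_SNIFFER_WIN):
        print(identify_capture(sample))
```

Run `identify_file` on the output of `editcap` before opening it in Sniffer; a result that still says libpcap means the conversion did not produce a Sniffer-format file.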