On Thu, Feb 27, 2003 at 05:32:09PM -0800, Sheetz, Vince S wrote:
> I did the suggestions to no avail - then tried saving the file by
> specifying a .cap filename suffix - and it worked.
Wow.
Now I'm *really* impressed by the Sniffer software.
Rename a Sniffer file from ".cap" to, say, ".crap", and it *fails to
read the file* complaining about it being in an unsupported file format.
I'll at least give them credit for realizing that a Microsoft Network
Monitor file isn't a Sniffer file, the fact that NetMon also uses ".cap"
nonwithstanding. But Ethereal can tell the file type by looking at the
file - and, in most cases, it can do that just by looking at a "magic
number" at the beginning of the file, and both the classic DOS Sniffer
and the Windows Sniffer have magic numbers in their capture files - so
Sniffer rejecting a perfectly valid Sniffer file just because it doesn't
end with ".cap" seems a bit, well, bogus.
> I thought it would save with the proper extension automatically -
> sorry for the fire drill.
Ethereal is a UNIX program ported to Windows; UNIX uses file extensions,
but is not as insistent about them as Windows - UNIX desktop
environments, for example, usually determine file type by looking at the
suffix *and* at the file contents.
As such, it doesn't forcibly set file extensions, although I guess it
could do so *for those file types that have standard extensions* (its
native libpcap format isn't one of those types - libpcap format
originated, perhaps not surprisingly, on UNIX).