Ethereal-users: Re: [Ethereal-users] Output from tethereal to a .bpf or .enc

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Mon, 23 Jun 2003 19:02:19 -0700

On Monday, June 23, 2003, at 5:32PM, Christopher Lyon wrote:
Is there a way to take the output from tethereal to a .bpf or .enc file?
I've no idea what a ".bpf file" is, so I can't answer that part of the question.
The only ".enc files" I know of, offhand, are Ethernet capture files from the DOS-based Sniffer software (and are probably best referred to as "DOS-based Sniffer captures" rather than ".enc files", for the benefit of people who don't have a list of Windows file suffixes memorized).
If by "the output of Tethereal" you mean a Tethereal binary capture file, Tethereal can itself write out Sniffer capture files rather than its native libpcap format, for at least some network types, including Ethernet. See the "-F" flag. You can also use "editcap" to read a libpcap file and write out a Sniffer file, or can read it in Ethereal and save it in Sniffer format.