Ethereal-users: Re: [Ethereal-users] Output from tethereal to a .bpf or .enc

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Mon, 23 Jun 2003 19:02:19 -0700
On Monday, June 23, 2003, at 5:32PM, Christopher Lyon wrote:
Is there a way to take the output from tethereal to a .bpf or .enc file? 
I've no idea what a ".bpf file" is, so I can't answer that part of the 
question.

The only ".enc files" I know of, offhand, are Ethernet capture files 
from the DOS-based Sniffer software (and are probably best referred to 
as "DOS-based Sniffer captures" rather than ".enc files", for the 
benefit of people who don't have a list of Windows file suffixes 
memorized).

If by "the output of Tethereal" you mean a Tethereal binary capture 
file, Tethereal can itself write out Sniffer capture files rather than 
its native libpcap format, for at least some network types, including 
Ethernet.  See the "-F" flag.  You can also use "editcap" to read a 
libpcap file and write out a Sniffer file, or can read it in Ethereal 
and save it in Sniffer format.