Ethereal-users: Re: [Ethereal-users] TCPdump format

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Fri, 11 Jul 2003 11:56:55 -0700
On Friday, July 11, 2003, at 11:30 AM, Niels Steenberg wrote:
I am trying to write an application to post process the data captured by 
Ethereal in the TCPDUMP format, but I need a specification of the file
format. Where can I dinf it in order to read the file with my application? 
If you write your application to use the libpcap library to read the 
capture file (which is what tcpdump uses), you can read the data 
*without* a specification of the file format (a file format that, at 
some point, may change to add new capabilities - updated versions of 
libpcap will read the old and new formats, so all you'd have to do to 
handle the new format would be to relink if your application is 
statically linked with libpcap or install a new library if it's 
dynamically linked with libpcap).