Hello Giovanni,
You can either use the console application tethereal (tethereal -r
capture_file_name -V) or use the GUI application ethereal. The protocol
information is visible in the middle pane of Ethereal. You can click on the
protocol tree to inspect the details of the protocols in the captured
packets.
You can start playing with "display filter" too, if you want to search for
packets that have specific protocol fields or fields with a specific value.
You can find a list of the protocols and protocol fields in the Ethereal
help menu.
There is also a protocol field reference on the Ethereal web site:
http://www.ethereal.com/docs/dfref/
If you want to build display filter expressions, then have a look at the
ethereal filter manual page (man ethereal-filter or look at the
ethereal-filter.html file).
There is also a FAQ:
http://www.ethereal.com/faq.html
You can find the FAQ in the help menu of ethereal too.
Regards,
Olivier
-----Original Message-----
From: GRL
I saved a trace of a specific http session. How can I analyse it now? I
mean: what tool allows me to view the trace and what's the format I view the
trace? Clearly, I'd prefer to view the trace with all the details of the
http protocol.
Thanks.
Giovanni