Ethereal-users: Re: [Ethereal-users] Using editcap for file conversion

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Joerg Mayer <jmayer@xxxxxxxxx>
Date: Fri, 11 Jun 2004 17:16:48 +0200

On Thu, Jun 10, 2004 at 04:28:13PM -0400, Patrick W Richardson wrote:
> Hi, can I use editcap as a stand-alone program to convert Sniffer's .cap
> files into a readable format? I'm trying to extract the raw hex data from a
> large number of .cap files that Sniffer captured for analysis, so dropping
> them one by one into Ethereal or Sniffer is impractical. Maybe I could just
> use the ngsniffer portion of the wiretap library since I'm only concerned
> with one type of file? I'm not a particularly experienced programmer, and
> I'm having some trouble understanding the code. Sorry if this is a simple
> question.

The correct command line tool to convert Sniffer traces to ASCII is
    tethereal -V -r <infile>
If you want to change it to pcap format, editcap is the right tool.
We don't have a tool to convert the format to simple hex dump but it
shouldn't be hard to add a format like that to the wiretap library.

 Ciao
     Joerg

-- 
Joerg Mayer                                           <jmayer@xxxxxxxxx>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.
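
Added example (not part of the original message or of the Ethereal project): a POSIX shell function that applies the two commands named in the reply to every .cap file in a directory, since the question concerns a large number of files. The function name, the TETHEREAL/EDITCAP override variables and the output layout are assumptions of this example.

```sh
#!/bin/sh
# Tool names come from the reply; override the variables if they live elsewhere.
TETHEREAL=${TETHEREAL:-tethereal}
EDITCAP=${EDITCAP:-editcap}

# convert_caps SRC_DIR OUT_DIR   (hypothetical helper name)
# For each SRC_DIR/*.cap writes OUT_DIR/<name>.txt (tethereal -V decode) and
# OUT_DIR/<name>.pcap (editcap copy; editcap writes libpcap format by default).
# Prints "converted=N failed=M"; returns 0 only if every file converted.
convert_caps() {
    src=$1
    out=$2
    converted=0
    failed=0
    mkdir -p "$out" || return 2
    for f in "$src"/*.cap; do
        [ -e "$f" ] || continue            # glob matched nothing
        base=$(basename "$f" .cap)
        # Verbose protocol decode, one text file per capture.
        if ! "$TETHEREAL" -V -r "$f" > "$out/$base.txt" 2> "$out/$base.err"; then
            echo "decode failed: $f (see $out/$base.err)" >&2
            rm -f "$out/$base.txt"         # do not leave a truncated decode behind
            failed=$((failed + 1))
            continue
        fi
        rm -f "$out/$base.err"
        # Format conversion: editcap <infile> <outfile>
        if ! "$EDITCAP" "$f" "$out/$base.pcap" > /dev/null 2>&1; then
            echo "pcap conversion failed: $f" >&2
            rm -f "$out/$base.pcap"
            failed=$((failed + 1))
            continue
        fi
        converted=$((converted + 1))
    done
    echo "converted=$converted failed=$failed"
    [ "$failed" -eq 0 ]
}

# Run directly as: sh convert_caps.sh ./sniffer-traces ./converted
if [ "$#" -eq 2 ]; then
    convert_caps "$1" "$2"
fi
```

A file that fails to decode is skipped and keeps its .err file, so one unreadable capture does not stop the rest of the batch.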