ns@xxxxxxxxxxxxxxxxxxxxxxxxx wrote:
I am making some SW that can use e.g. Ethereal files and make additional
statistics. It has all worked well in the past but now a user can only
save the files in .cap format and I do not know this file format.
There is no such thing as ".cap format". There are several different
packet analysis programs that use ".cap" as a suffix, and they use
different file formats.
Ethereal's standard capture file format is called "libpcap format", as
it's the standard format used by the libpcap capture library (a library
used by a number of programs, including tcpdump and Ethereal, to do
packet capture).
What do you mean by "but now a user can only save the files in .cap
format"? Do you mean that the user used to be able to save files from
Ethereal in some other format, and it can now only save them in ".cap
format"?
Before it was saved without an extension and in a different format.
Ethereal saves a file with whatever extension the user supplies - even
if they don't supply *any* extension. (Ethereal was originally a
UN*X-only application, and UN*X systems tend not to insist on file
extensions to the same extent that Windows does.) I don't think that's
changed.
The default format also hasn't changed - it's always been libpcap format.
What are the two formats (the "before" and "after" formats)?