Ethereal-users: Re: [Ethereal-users] cap file structure

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Guy Harris <gharris@xxxxxxxxx>
Date: Wed, 14 Sep 2005 11:03:08 -0700
Philippe De Neve wrote:


is there an easy way to copy udp payload data from a .cap file and paste it
to a .bin file?
Where can I find info on how the cap file structure looks like?
A ".cap file", if by that you mean a file whose name ends in ".cap", is typically a file from one of a number of network analyzer programs (Microsoft Network Monitor, the Windows version of Sniffer, etc.); which one are you thinking of?
Or by ".cap file" do you mean a file in Ethereal's native format? If so, that's "libpcap format", so called because it's the format used by the libpcap/WinPcap library, and is thus readable by and writable by any application using libpcap/WinPcap.
The easiest way to write an application to do that would be to use libpcap/WinPcap to do it. You would then not have to write your own code to understand the file format - and you would then not have your program fail to work with the new pcap-NG file format once that's supported by libpcap/WinPcap and by Ethereal.