Servando Garcia wrote:
This may sound really silly but, how do I save a capture session in
binary format ?
What do you mean by "a capture session" and "in binary format"?
If you have done a capture, and you use "File -> Save" or "File -> Save
As", Ethereal will let you save the capture in its native format
(libpcap format, as used by tcpdump and a bunch of other applications
using libpcap), which is a binary format, and might also support
(depending on the type of network interface on which you did the
capture) saving in some other file formats (also binary).
Those formats typically have a file header at the top, followed by a
bunch of records, one for each link-layer packet, with each record
having a header containing the time stamp of the packet, the size of the
packet as it appeared on the network, and the number of bytes of that
packet that were captured (which is normally the full length of the
packet, unless you set the snapshot length when you captured). Is that
the type of binary format you want? It could be read by Ethereal,
Tethereal, tcpdump/WinDump, and any other programs that can read
libpcap-format files, but it contains more than just the raw packet
data, it also contains the per-packet record headers.