John Serra wrote:
Microsoft has referred me to you. I am trying to edit a .cap file from
netcap.exe that was included in WinXPPro Support Tools. The Microsoft
rep said that this was 3rd party software, and refered me to you for a
"reader".
Wow, I'm impressed - the .cap format from netcap:
http://support.microsoft.com/?id=310875
is the native format of *Microsoft's own network analyzer program*,
Network Monitor. They didn't recommend *that* to you as a "reader" for
their .cap files? Presumably either you're not running Windows (Network
Monitor is Windows-only) or you don't have Windows Server (which comes
with a version of Network Monitor) or Systems Management Server (which
comes with the full version of Network Monitor).
Ethereal also reads Network Monitor .cap files (we reverse-engineered
most of it; if Microsoft plans to continue to recommend Ethereal, they
might want to give us some more information about capture file formats :-)).
(There are other .cap formats - it's the "obvious" choice for an
extension for CAPture files - but they're all different. Fortunately,
most if not all of them start with specific "magic numbers", so Ethereal
can distinguish between them, and can read at lest some of them.)
Would you direct me to the proper software?
Ethereal can be downloaded from our download pages:
http://www.ethereal.com/download.html
We build native binaries for Windows and for some UN*Xes; we also
distribute full source that can be built on a variety of systems, and
link to third-party binaries for other UN*Xes.
It's a reader, not a full-blown "editor" - you can read in a capture,
and save selected packets, with Ethereal, but it doesn't support, for
example, editing the contents of a packet and writing it out. What sort
of editing do you need to do?