dxf206_163 wrote:
thanks for your help.
but while i use capinfos, it tell me "capinfos: Can't open e:\untitled.cap:
The file isn't a capture file in a known format", i think ,before wireshark
open a file, it use capinfos to get infomation from file,
No, it doesn't - but Wireshark and capinfos use the same code to read
files, so, if Wireshark can't read a file, capinfos can't, either.
As I said in my other mail, we would need to add code that can read Iris
files to the library used by Wireshark and capinfos (and TShark and
editcap) to read capture files. In order to do that, we'd need the
information the FAQ entry mentions, i.e. (quoting the FAQ)
we would either have to have a specification for the file format, or
the extensions, sufficient to give us enough information to read the
parts of the file relevant to Wireshark, or would need at least one
capture file in that format AND a detailed textual analysis of the
packets in that capture file (showing packet time stamps, packet
lengths, and the top-level packet header) in order to reverse-engineer
the file format.
and note also that (again, quoting the FAQ)
there is no guarantee that we will be able to reverse-engineer a
capture file format.