On Wed, Apr 29, 2009 at 11:29:38PM -0700, Guy Harris wrote:
> Wireshark's native file format is libpcap format, which is also the
> native file format of tcpdump, so one shouldn't need help to open a
> tcpdump file in Wireshark; it should Just Work. If it doesn't work,
> that's a bug; please report it as such, to http://bugs.wireshark.org/.
Or the file was not created by giving tcpdump the -w option, but merely
by using something like "tcpdump .... > file.cap", in which case you
just have the ascii output of tcpdump in your file (can you open it in a
text editor?). If that's the case, there is no way of opening the file
in wireshark and you should do the tracing again, this time using
something like "tcpdump -s0 -w file.cap ...".
Cheers,
Sake