Saving Capture Files with Ethereal

Ethereal can also save captured packets to a file in several different formats. You can even choose to save all packets or a subset of the packets. These capture files can then be opened by the associated products or utilities. The following is a list of formats that Ethereal can save as:

• libpcap (tcpdump, Ethereal, etc.)

• Red Hat Linux 6.1 libpcap (tcpdump)

• SuSE Linux 6.3 libpcap (tcpdump)

• modified libpcap (tcpdump)

• Nokia libpcap (tcpdump)

• Novell LANalyzer

• Network Associate’s Sniffer (DOS-based)

• Sun snoop

• Microsoft Network Monitor 1.x

• Microsoft Network Monitor 2.x

• Network Associates Sniffer (Windows-based) 1.1

• Network Associates Sniffer (Windows-based) 2.00x

• Visual Networks traffic capture

• Accellent 5Views capture

• Network Instruments Observer version 9

To save a packet capture to a file, select File | Save As. The Save Capture File As dialog box will appear, as shown in Figure 7.3. This dialog box allows you to choose the file format and the location where you would like to save the file. There are many other features of this dialog box that are covered in detail in Chapter 4. Browse through the directories in the left-hand pane to the desired location where you would like to save your capture file. Next, choose the correct output type from the File Type pull-down menu. Type in a file name under Selection and click OK.

Figure 7.3: Save Capture File As Dialog Box