Reading Capture Files with Ethereal




Ethereal can read and process previously saved capture files from a variety of packet capture programs and utilities. Because Ethereal uses the popular libpcap-based capture format, it interfaces easily with other products that use libpcap. As mentioned earlier, the wiretap library enables Ethereal to read a variety of other capture files as well. Ethereal can automatically determine what type of file it is reading and can also uncompress gzip files. It really is as easy as opening the file! The following is a list of capture formats that Ethereal can read:

  • Tcpdump

  • Sun snoop and atmsnoop

  • Microsoft Network Monitor

  • Network Associates Sniffer (compressed or uncompressed)

  • Shomiti/Finisar Surveyor

  • Novell LANalyzer

  • Cinco Networks NetXRay

  • AG Group/WildPackets EtherPeek/TokenPeek/AiroPeek

  • RADCOM’s WAN/LAN analyzer

  • Visual Networks’ Visual UpTime

  • Lucent/Ascend router debug output

  • Toshiba’s Integrated Services Digital Network (ISDN) routers dump output

  • Cisco Secure Intrusion Detection System (IDS) iplog

  • Advanced IBM Unix (AIX) iptrace

  • HP-UX nettl

  • ISDN4BSD project’s i4btrace output

  • Point-To-Point Protocol Daemon (pppd) logs (pppdump-format)

  • VMS’s TCPIPtrace utility

  • DBS Etherwatch VMS utility

  • CoSine L2 debug

  • Accellent’s 5Views LAN agent output

  • Endace Measurement Systems’ ERF capture format

  • Linux Bluez Bluetooth stack “hcidump -w” traces

  • Network Instruments Observer version 9
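The automatic file-type detection described above generally works by inspecting the first bytes of the file. The following is an added example, not Ethereal's wiretap code: it recognises a small assumed subset of the listed formats by their leading magic bytes, unwraps gzip with a bounded output size, and sanity-checks a libpcap file before it is handed to an analyzer. The names `identify`, `pcap_summary`, `sample_capture` and the `MAX_OUT` limit are illustrative assumptions.

```python
import gzip, struct, zlib

MAX_OUT = 64 * 1024 * 1024  # cap on decompressed size (assumed limit)
# Leading magic bytes for a subset of the formats listed above.
MAGICS = {
    b"\xa1\xb2\xc3\xd4": "libpcap (big-endian)",
    b"\xd4\xc3\xb2\xa1": "libpcap (little-endian)",
    b"snoop\x00\x00\x00": "Sun snoop",
    b"RTSS": "Microsoft Network Monitor 1.x",
    b"GMBU": "Microsoft Network Monitor 2.x",
}

def identify(data):
    """Return (format_name, payload); gzip input is unwrapped once, bounded."""
    suffix = ""
    if data[:2] == b"\x1f\x8b":
        # 16 + MAX_WBITS selects gzip framing; max_length bounds the output.
        data = zlib.decompressobj(16 + zlib.MAX_WBITS).decompress(data, MAX_OUT)
        suffix = ", gzip-compressed"
    for magic, name in MAGICS.items():
        if data.startswith(magic):
            return name + suffix, data
    return "unknown" + suffix, data

def pcap_summary(data):
    """Parse the 24-byte libpcap file header, then walk the record headers."""
    if len(data) < 24:
        raise ValueError("truncated libpcap file header")
    end = ">" if data[:4] == b"\xa1\xb2\xc3\xd4" else "<"
    major, minor, _, _, snaplen, linktype = struct.unpack(end + "HHiIII", data[4:24])
    offset = 24
    packets = 0
    while offset + 16 <= len(data):
        incl_len = struct.unpack(end + "I", data[offset + 8:offset + 12])[0]
        if offset + 16 + incl_len > len(data):
            break  # record claims more bytes than the file holds
        offset += 16 + incl_len
        packets += 1
    return {"version": (major, minor), "snaplen": snaplen, "linktype": linktype,
            "packets": packets, "truncated": offset != len(data)}

def sample_capture():
    """Constructed input: little-endian libpcap, Ethernet, two zero-filled frames."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    rec = lambda p: struct.pack("<IIII", 0, 0, len(p), len(p)) + p
    return hdr + rec(bytes(60)) + rec(bytes(42))

if __name__ == "__main__":
    name, payload = identify(gzip.compress(sample_capture()))
    print(name, pcap_summary(payload))
```

A file reported as `unknown` or `truncated` here corresponds to the case where the analyzer shows a file-open error instead of the packet list.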

To open a saved capture file, select File | Open. The Open Capture File dialog box will appear, as shown in Figure 7.1. This dialog box allows you to search for the capture file that you would like to open. There are many other features of this dialog box that are covered in detail in Chapter 4. Once you have browsed through the directories in the left-hand pane and clicked on the file you want to open in the right-hand pane, click OK to open the file. If Ethereal can interpret the capture file, it will display it in the main window; otherwise, you will see an error message like the one in Figure 7.2.

Figure 7.1: Open Capture File Dialog Box

Figure 7.2: File Open Error






Ethereal Packet Sniffing (Syngress)
ISBN: 1932266828
EAN: 2147483647
Year: 2004
Pages: 105
Authors: Syngress
