Mailing List Archive

libcap formatting question
-------------------
The Ethereal project is being continued at a new site. Please go to
http://www.wireshark.org and subscribe to wireshark-users@wireshark.org.
Don't forget to unsubscribe from this list at
http://www.ethereal.com/mailman/listinfo/ethereal-users
-------------------
Re: libcap formatting question

Alexander Bridygham wrote:
> -------------------
> The Ethereal project is being continued at a new site. Please go to
> http://www.wireshark.org and subscribe to wireshark-users@wireshark.org.
> Don't forget to unsubscribe from this list at
> http://www.ethereal.com/mailman/listinfo/ethereal-users
> -------------------
>
> I'm trying to find documentation on the libcap formatting employed in the
> output file of ethereal, and would like to know if someone can point me
> in the right direction.

It's also used in Wireshark, so the right place to ask (as per the note
added by the Ethereal mailing list to the top of your message) is
wireshark-users.

Note that the best way to read or write a libpcap-formatted file is, in
most if not all cases, to use libpcap/WinPcap (either directly, or
through bindings such as Net::Pcap for Perl or equivalents for other
languages).

If you absolutely *can't* do that, see

http://wiki.wireshark.org/Development/LibpcapFileFormat

for a description of the format.

Note, however, that it says that a next-generation libpcap file format
will probably be used at some point; if you use libpcap/WinPcap,
upgrading to a new version of libpcap/WinPcap should allow your
application to read the new file format transparently (at least for some
files in that format, e.g. ones that don't have multiple different
link-layer types in the same file), whereas if you write your own code
to read those files you'll have to write new code in order to be able to
read those files.
_______________________________________________
Ethereal-users mailing list
Ethereal-users@ethereal.com
http://www.ethereal.com/mailman/listinfo/ethereal-users
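
Added example, not part of the original thread and not libpcap's own code: a minimal hand-written reader for the classic libpcap layout (24-byte global header, 16-byte header per record), for the case the reply describes where the library cannot be used. The function names, the `max_snaplen` cap and the sample capture are constructed for illustration; the reader bounds-checks every record length and refuses a next-generation file instead of misparsing it.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4    # classic libpcap file, microsecond timestamps
PCAPNG_MAGIC = 0x0A0D0D0A  # first block type of a next-generation (pcapng) file

class PcapError(ValueError):
    """Raised when the input is not a well-formed classic libpcap file."""

def read_pcap(data, max_snaplen=262144):
    """Return (linktype, [(ts_sec, ts_usec, orig_len, payload), ...]) from bytes."""
    if len(data) < 24:
        raise PcapError("truncated global header")
    magic_le = struct.unpack_from("<I", data)[0]
    if magic_le == PCAPNG_MAGIC:
        raise PcapError("pcapng file, not classic libpcap")
    if magic_le == PCAP_MAGIC:
        order = "<"                     # written on a little-endian host
    elif struct.unpack_from(">I", data)[0] == PCAP_MAGIC:
        order = ">"                     # written on a big-endian host
    else:
        raise PcapError("bad magic number")
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack_from(
        order + "HHiIII", data, 4)
    if major != 2:
        raise PcapError("unsupported version %d.%d" % (major, minor))
    # Never trust the file's own snaplen beyond a local cap (assumed value).
    limit = min(snaplen or max_snaplen, max_snaplen)
    packets, off = [], 24
    while off < len(data):
        if len(data) - off < 16:
            raise PcapError("truncated record header at offset %d" % off)
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack_from(order + "IIII", data, off)
        off += 16
        if incl_len > limit or incl_len > len(data) - off:
            raise PcapError("record length %d out of bounds at offset %d" % (incl_len, off))
        packets.append((ts_sec, ts_usec, orig_len, data[off:off + incl_len]))
        off += incl_len
    return linktype, packets

def sample_capture(order="<"):
    """Constructed two-packet capture with link type 1 (Ethernet), for testing only."""
    hdr = struct.pack(order + "IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    recs = b""
    for ts, payload in ((1, b"\x00" * 14), (2, b"\xff" * 20)):
        recs += struct.pack(order + "IIII", ts, 0, len(payload), len(payload)) + payload
    return hdr + recs

if __name__ == "__main__":
    print(read_pcap(sample_capture()))
```
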