Wireshark mailing list archives
Re: Req: Information regarding wireshark file logging
From: Douglas Ross <doug_ross_59 () yahoo co uk>
Date: Mon, 31 May 2010 07:32:49 +0000 (GMT)
Hi Surabhi,

Wireshark Documentation Appendix A "Files and Folders" gives some explanation. Here is an extract:

" Wireshark uses the libpcap file format as the default format to save captured packets; this format has existed for a long time and it's pretty simple. However, it has some drawbacks: it's not extensible and lacks some information that would be really helpful (e.g. being able to add a comment to a packet such as "the problems start here" would be really nice). In addition to the libpcap format, Wireshark supports several different capture file formats. However, the problems described above also applies for these formats. "

and:

" A detailed description of the libpcap file format can be found at: http://wiki.wireshark.org/Development/LibpcapFileFormat "

I use the default wireshark file (format). When I access these files with my own software on Windows O/S, I open them in binary format, as they are not recognised as text files. The first 24 bytes of each file have special information to identify it as libpcap file format, and some other basic info. like GMT...

I hope this helps. Good luck.

Regards
Doug

btw your name has a special significance, I think. A few years ago I saw "The Ballad Of Mandel Pandey". I was the ONLY person in the cinema (an afternoon in Melbourne, Australia). It was a very moving story for me "a Britisher", born in India in the year of independence.

________________________________
From: surabhi pandey <eshi14 () gmail com>
To: wireshark-users () wireshark org
Sent: Mon, 31 May, 2010 2:15:19 PM
Subject: [Wireshark-users] Req: Information regarding wireshark file logging

Hi,

I want to know how the wireshark captured files are stored, i.e. in which format they are stored, and whether a live capture is stored temporarily in a file or in some database. If in a file, then what is the file format it uses?

Thank you ...
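The 24-byte header mentioned in the reply above, parsed in Python as an added example (not part of the original thread and not Wireshark's own code). The field layout follows the libpcap file format description linked in the message; the function name and the sample header bytes are constructed for illustration.

```python
import struct

PCAP_HEADER_LEN = 24

# First four bytes read as big-endian -> (byte order of the file, timestamp resolution)
MAGICS = {
    0xA1B2C3D4: (">", "microsecond"),
    0xD4C3B2A1: ("<", "microsecond"),
    0xA1B23C4D: (">", "nanosecond"),
    0x4D3CB2A1: ("<", "nanosecond"),
}

def parse_pcap_global_header(data: bytes) -> dict:
    """Decode the libpcap global header; raise ValueError on anything else."""
    if len(data) < PCAP_HEADER_LEN:
        raise ValueError("truncated file: need 24 bytes, got %d" % len(data))
    if data[:4] == b"\x0a\x0d\x0d\x0a":
        # pcapng section header block: a different format, not handled here
        raise ValueError("pcapng file, not libpcap")
    (magic,) = struct.unpack(">I", data[:4])
    if magic not in MAGICS:
        raise ValueError("not a libpcap file (magic 0x%08x)" % magic)
    order, resolution = MAGICS[magic]
    # version_major, version_minor, thiszone, sigfigs, snaplen, network
    major, minor, thiszone, sigfigs, snaplen, network = struct.unpack(
        order + "HHiIII", data[4:PCAP_HEADER_LEN])
    return {
        "byte_order": "big" if order == ">" else "little",
        "timestamp_resolution": resolution,
        "version": (major, minor),
        "gmt_offset_seconds": thiszone,  # the "GMT" field; normally 0
        "sigfigs": sigfigs,
        "snaplen": snaplen,              # max bytes stored per packet
        "linktype": network,             # 1 = Ethernet
    }

# Constructed sample: little-endian, version 2.4, snaplen 65535, Ethernet
SAMPLE_HEADER = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)

if __name__ == "__main__":
    for key, value in parse_pcap_global_header(SAMPLE_HEADER).items():
        print(f"{key}: {value}")
```

When reading a real capture, open it in binary mode (`open(path, "rb")`) and pass the first 24 bytes; the detected byte order also applies to the per-packet headers that follow.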
Current thread:
- Req: Information regarding wireshark file logging surabhi pandey (May 30)
- Re: Req: Information regarding wireshark file logging Douglas Ross (May 31)
- Re: Req: Information regarding wireshark file logging Guy Harris (May 31)
- Re: Req: Information regarding wireshark file logging Douglas Ross (May 31)
- Re: Req: Information regarding wireshark file logging Jaap Keuter (May 31)
- Re: Req: Information regarding wireshark file logging Guy Harris (May 31)
- Re: Req: Information regarding wireshark file logging Douglas Ross (May 31)
- Re: Req: Information regarding wireshark file logging Douglas Ross (May 31)