Network Captures
DComTalk.com Forum Index DComTalk.com
Discussion of VoIP, VPN, Video Conferencen, DSL and other data commucations.
 
 FAQFAQ   MemberlistMemberlist     RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 
 
Google
 
Web dcomtalk.com
Network Captures

 
Post new topic   Reply to topic    DComTalk.com Forum Index -> Ethernet
Author Message
aerielord
Guest
Posted: Tue Sep 13, 2005 4:20 pm    Post subject: Network Captures Reply with quote
If anyone out there has used SoftPerfect's Network Analyzer, I need to
find a way to convert the capture files I have from their format to
something more in line with a generla .CAP format used by programs such
as Ethereal. I'm not a programmer, but I do have the Capture file
format as follows:


CAP - is a capture file in which captured packets (sessions) are
stored.
Offset Size Name Description
0x0 - 0x2 3 Bytes CAPSIGN Signature line. This string value
always equal to "CAP".
0x3 1 Byte CAPVER In this version of the software the
value is always 1.
0x4 - 0x7 4 Bytes VTOTAL A long integer number (DWord). It is
equal to the total number of data packets in a file.

VTOTAL packet records then follow the above header data. Here is the
format of each variable length packet record:
- 8 Bytes TIMESTAMP A Double type number holding the date and time the
packet was received.
- 2 Bytes PKTLEN A Word type number, which gives the packet's length.
- PKTLEN PKTDATA A block of PKTLEN length. This is the packet's data.


If anyone could offer a utility (Ethereal's will not work..already
tried) or an easy solution, I'd be most appreciative. Thanks.


AL
Back to top
Walter Roberson
Guest
Posted: Tue Sep 13, 2005 6:32 pm    Post subject: Re: Network Captures Reply with quote
In article <1126623707.139361.297710@g14g2000cwa.googlegroups.com>,
aerielord <aerielord@gmail.com> wrote:
:If anyone out there has used SoftPerfect's Network Analyzer, I need to
:find a way to convert the capture files I have from their format to
:something more in line with a generla .CAP format used by programs such
:as Ethereal. I'm not a programmer, but I do have the Capture file
:format as follows:

It appears that there have been several different pcap file formats,
some incompatible with the others.

A draft of a proposed file format is at
http://www.winpcap.org/ntar/draft/PCAP-DumpFileFormat.html

I have not checked how far along that got -- I do not know if it
is still draft stage or is now widely implemented.
--
"Never install telephone wiring during a lightning storm." -- Linksys
Back to top
Guest
Posted: Wed Sep 14, 2005 2:23 pm    Post subject: Re: Network Captures Reply with quote
Ethereal's format must be public.

Quote:
From your description any programmer could swiftly
knock something together to solve this problem.


You will just have to find one?
Back to top
 
Post new topic   Reply to topic    DComTalk.com Forum Index -> Ethernet All times are GMT
Page 1 of 1

 
 You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum




VoIP Solutions: Telephone Systems Electronics Satellite TV Tech & Gadgets
Powered by phpBB