On Thu, Mar 09, 2000 at 03:18:52PM -0800, Fox, Adam wrote:
Yes. pktt will do this. It creates a file in tcpdump format, which is convertible into snoop with the right utilities.
Would you folks (NetApp) be willing to share these utilities?
As the author of captrans (the utility in question) and the changes to libpcap required to make it read other capture file formats, I don't have any problem making that stuff available.
*However*, there's a better program than captrans - editcap.
It's part of the Ethereal packet capture/analysis program package:
and uses the same library that Ethereal (and the text-mode - snoop/tcpdump-like - utility Tethereal that also comes with Ethereal) uses to read and write capture files. That library can read more capture file formats than can the patched libpcap I have here, and can also write more formats than can captrans.
I don't plan to add any new capture file formats to the patched libpcap, but there are many people who have added new formats to the Wiretap library in Ethereal, and we will probably continue to add new formats as they come up (and as we can figure them out - a lot of the formats were figured out by reverse-engineering, as no documentation was available).
Ethereal requires GLib 1.2[.x] and GTK+ 1.2[.x], so you'd have to have them installed on your system in order to build editcap (unless you tweak the Makefile by hand so as to build only the Wiretap library and editcap, in which case you need only GLib 1.2[.x], but once you've installed GLib, you might as well install GTK+ while you're at it), but, once you've done that, you not only have a program to convert capture files, you have a pretty nice GUI packet capture and analysis program, and a pretty nice text-mode packet capture and analysis program as well.
(It also runs on Win32 operating systems such as Windows 9x and Windows NT - you have to get versions of GLib, GTK+, and libpcap that have been ported to Win32, but those all exist, and Ethereal can even capture packets on Win32 OSes with that version of libpcap.)
There's also, on the "Download" page of the Ethereal Web site, a list of links to binary packages that have been made of Ethereal - or, at least, links to archive sites for binary packages for various OSes - although there's no guarantee that the latest version of Ethereal has been so packaged, in which case the package might not include editcap or Tethereal.
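The tcpdump-to-snoop conversion discussed in this message, as an added example that is not part of the original message and is not code from captrans, editcap or Wiretap. It assumes the classic libpcap file layout and the snoop version 2 layout from RFC 1761, handles Ethernet captures only, and the function names and the sample frame are constructed for illustration.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4          # classic tcpdump/libpcap file, microsecond timestamps
SNOOP_MAGIC = b"snoop\x00\x00\x00"
DLT_EN10MB = 1                   # pcap link type for Ethernet
SNOOP_ETHERNET = 4               # RFC 1761 datalink type for Ethernet

def pcap_to_snoop(pcap: bytes) -> bytes:
    """Convert an in-memory Ethernet pcap capture to snoop version 2."""
    if len(pcap) < 24:
        raise ValueError("truncated pcap file header")
    # pcap is written in the capturing host's byte order; the magic tells which.
    for endian in ("<", ">"):
        if struct.unpack(endian + "I", pcap[:4])[0] == PCAP_MAGIC:
            break
    else:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(endian + "I", pcap[20:24])[0]
    if linktype != DLT_EN10MB:
        raise ValueError("only Ethernet captures are handled here")

    # snoop file header: 8-byte magic, version, datalink type (always big-endian)
    out = bytearray(SNOOP_MAGIC + struct.pack(">II", 2, SNOOP_ETHERNET))
    offset = 24
    while offset < len(pcap):
        if offset + 16 > len(pcap):
            raise ValueError("truncated pcap record header")
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack(
            endian + "IIII", pcap[offset:offset + 16])
        offset += 16
        data = pcap[offset:offset + incl_len]
        if len(data) != incl_len:
            raise ValueError("truncated packet data")
        offset += incl_len
        pad = -incl_len % 4       # snoop records are padded to a 4-byte boundary
        # record header: orig len, incl len, record len, drops, seconds, microseconds
        out += struct.pack(">IIIIII", orig_len, incl_len,
                           24 + incl_len + pad, 0, ts_sec, ts_usec)
        out += data + b"\x00" * pad
    return bytes(out)

def sample_pcap(endian: str = "<") -> bytes:
    """Constructed sample: one 14-byte Ethernet header captured as a packet."""
    frame = bytes.fromhex("ffffffffffff" "020000000001" "0806")
    header = struct.pack(endian + "IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, DLT_EN10MB)
    record = struct.pack(endian + "IIII", 952643932, 500, len(frame), len(frame))
    return header + record + frame

if __name__ == "__main__":
    print(pcap_to_snoop(sample_pcap()).hex())
```
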