Differences between revisions 1 and 2
Revision 1 as of 2005-11-06 12:06:37
Size: 1080
Editor: UlfLamping
Comment: first content
Revision 2 as of 2005-11-06 12:08:01
Size: 1132
Editor: UlfLamping
Comment: "file format" seems to fit better
## page was renamed from FileTypeReference/libpcap

libpcap file format (.pcap)

The libpcap file format is used by a wide range of open (and closed) source programs.

History

The current libpcap file format, version 2.4, has been available for quite a long time now.

Programs supporting this file type

  • Ethereal (Tethereal, ...)
  • tcpdump
  • Analyzer
  • Packetyzer
  • ... and a lot more

Timestamp resolution

The common timestamp resolution is 1 us. A special variant of the libpcap format, available in Ethereal only, provides 1 ns timestamp resolution.
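Added example (not part of the original wiki page or of Ethereal's code): a reader that tells the two timestamp resolutions apart from the file's magic number, so the same fraction field is not misread when building a timeline. The magic numbers 0xa1b2c3d4 (us) and 0xa1b23c4d (ns) and the 24-byte header layout are facts about the format that this page does not state; the function names and the sample bytes are constructed for illustration.

```python
import struct

# Magic numbers of the classic libpcap global header (format facts, not from
# this page): microsecond and nanosecond timestamp variants.
MAGIC_USEC = 0xA1B2C3D4
MAGIC_NSEC = 0xA1B23C4D
HEADER_LEN = 24  # size of the global header in bytes


def parse_global_header(data: bytes) -> dict:
    """Validate a libpcap global header; report byte order and resolution."""
    if len(data) < HEADER_LEN:
        raise ValueError("truncated file: global header needs 24 bytes")
    for order in ("<", ">"):  # the writer's byte order is not fixed; try both
        magic = struct.unpack(order + "I", data[:4])[0]
        if magic in (MAGIC_USEC, MAGIC_NSEC):
            break
    else:
        raise ValueError("not a libpcap file: magic %s" % data[:4].hex())
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
        order + "HHiIII", data[4:HEADER_LEN])
    if (major, minor) != (2, 4):
        raise ValueError("unsupported version %d.%d" % (major, minor))
    return {
        "order": order,
        "byte_order": "little" if order == "<" else "big",
        "ts_unit": "us" if magic == MAGIC_USEC else "ns",
        "ts_per_sec": 10**6 if magic == MAGIC_USEC else 10**9,
        "snaplen": snaplen, "linktype": linktype,
    }


def first_timestamp_ns(data: bytes) -> int:
    """First packet's timestamp as integer nanoseconds since the epoch."""
    hdr = parse_global_header(data)
    if len(data) < HEADER_LEN + 16:  # a packet record header is 16 bytes
        raise ValueError("no packet record present")
    sec, frac = struct.unpack(hdr["order"] + "II", data[24:32])
    if frac >= hdr["ts_per_sec"]:  # fraction must be below one second
        raise ValueError("corrupt record: fraction out of range")
    return sec * 10**9 + frac * (10**9 // hdr["ts_per_sec"])


def make_sample(magic: int, order: str = "<") -> bytes:
    """Constructed sample: header plus one empty record (sec=1000, frac=500000)."""
    return (struct.pack(order + "IHHiIII", magic, 2, 4, 0, 0, 65535, 1)
            + struct.pack(order + "IIII", 1000, 500000, 0, 0))
```

The same record bytes decode to 1000.5 s under the us magic and 1000.0005 s under the ns magic, which is why a reader that ignores the magic number skews every timestamp in the capture.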

Ethereal

The libpcap support is fully functional. Ethereal supports reading and writing of this format.

Example capture file

XXX - Add a simple example capture file to the SampleCaptures page and link from here (see below). Keep this file short; it's also a good idea to gzip it to make it even smaller, as Ethereal can open gzipped files automatically.

  • attachment:SampleCaptures/FILE.pcap

  • ["Development/LibpcapFileFormat"] libpcap file format details.

Discussion

FileFormatReference/libpcap (last edited 2008-05-26 15:15:21 by JaapKeuter)