converted to 1.6 markup
|Deletions are marked like this.||Additions are marked like this.|
|Line 15:||Line 15:|
| * [http://www.snort.org/ snort]
* [http://analyzer.polito.it/ Analyzer]
* [http://www.networkchemistry.com/products/packetyzer.php Packetyzer]
| * [[http://www.snort.org/|snort]]
|Line 28:||Line 28:|
|Wireshark handles all capture file I/O in the [http://anonsvn.wireshark.org/viewcvs/viewcvs.py/trunk/wiretap/ wiretap] library. You'll find further details about the libpcap file format in the source code files wiretap/libpcap.c and .h :-)||Wireshark handles all capture file I/O in the [[http://anonsvn.wireshark.org/viewcvs/viewcvs.py/trunk/wiretap/|wiretap]] library. You'll find further details about the libpcap file format in the source code files wiretap/libpcap.c and .h :-)|
|Line 34:||Line 34:|
|* attachment:SampleCaptures/FILE.pcap||* [[attachment:SampleCaptures/FILE.pcap]]|
|Line 38:||Line 38:|
|* ["Development/LibpcapFileFormat"] libpcap file format details||* [[Development/LibpcapFileFormat]] libpcap file format details|
libpcap file format (.pcap)
The libpcap file format is used by a wide range of open (and closed) source programs.
The current libpcap file format, version 2.4, has been available for quite a long time now.
Programs supporting this file type
The common timestamp resolution is 1 µs. A special libpcap format is available (supported by Wireshark only), providing 1 ns timestamp resolution.
The libpcap support is fully functional. Wireshark supports reading and writing of this format.
Wireshark handles all capture file I/O in the wiretap library. You'll find further details about the libpcap file format in the source code files wiretap/libpcap.c and .h
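The two timestamp resolutions mentioned above are told apart by the magic number in the file's first four bytes. The following is an added example, not code from wiretap or from this page: it reads a version 2.4 file from memory and bounds every length field before using it. The magic values and the 24-byte/16-byte header layout are the well-known libpcap ones (not given on this page); the name `read_pcap`, the `MAX_SNAPLEN` bound and the strict rejection policy are assumptions of the example.

```python
import struct

# Magic numbers as read in the writer's byte order (well-known libpcap values).
MAGIC_USEC = 0xA1B2C3D4   # 1 µs timestamps
MAGIC_NSEC = 0xA1B23C4D   # 1 ns timestamps
MAX_SNAPLEN = 262144      # sanity bound chosen for this example


def read_pcap(data):
    """Parse a libpcap capture held in memory; return (info, packets)."""
    if len(data) < 24:
        raise ValueError("truncated global header")
    for endian in ("<", ">"):          # the writer's byte order is unknown
        magic = struct.unpack(endian + "I", data[:4])[0]
        if magic in (MAGIC_USEC, MAGIC_NSEC):
            break
    else:
        raise ValueError("not a libpcap file (bad magic)")
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
        endian + "HHiIII", data[4:24])
    if (major, minor) != (2, 4):
        raise ValueError("unsupported version %d.%d" % (major, minor))
    if not 0 < snaplen <= MAX_SNAPLEN:
        raise ValueError("implausible snaplen %d" % snaplen)
    frac_per_sec = 10**9 if magic == MAGIC_NSEC else 10**6
    info = {"endian": endian, "nanosecond": magic == MAGIC_NSEC,
            "snaplen": snaplen, "linktype": linktype}
    packets, off = [], 24
    while off < len(data):
        if len(data) - off < 16:
            raise ValueError("truncated record header at offset %d" % off)
        sec, frac, incl, orig = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        # Never trust the length fields: bound them before slicing.
        if frac >= frac_per_sec or incl > snaplen or incl > len(data) - off:
            raise ValueError("corrupt record header at offset %d" % (off - 16))
        # Normalise both variants to integer nanoseconds since the epoch.
        packets.append((sec * 10**9 + frac * (10**9 // frac_per_sec),
                        orig, data[off:off + incl]))
        off += incl
    return info, packets


# Constructed sample: big-endian nanosecond file with one 4-byte packet.
SAMPLE = (struct.pack(">IHHiIII", MAGIC_NSEC, 2, 4, 0, 0, 65535, 1)
          + struct.pack(">IIII", 1, 500, 4, 60) + b"\xde\xad\xbe\xef")
```

A reader that treats the fractional field as microseconds without checking the magic number will misdate every packet in a nanosecond file by up to a factor of 1000 in the sub-second part.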
Example capture file
XXX - Add a simple example capture file to the SampleCaptures page and link from here (see below). Keep this file short; it's also a good idea to gzip it to make it even smaller, as Wireshark can open gzipped files automatically.
Development/LibpcapFileFormat libpcap file format details