FILE format name (common FILE extension, e.g. .pcap)
This file tries to help you add a new capture file type to the wiki. Edit anything as appropriate to the specific file type and replace any appearance of FILE by your file format name (and remove this text line before saving!).
XXX - add a brief FILE description here
XXX - add a brief description of FILE history
Programs supporting this file type
Programs known to support this file type, be specific here as new program versions may change the file format without notice.
- Wireshark, TShark, ...
How to create this file type
Optionally: special steps (probably not obvious) to create this type of files (special command line parameters, "official name" to be selected in the creation program, ...)
The timestamp resolution is (x ms, y us, z ns, variable from x to y, ...).
Add known limitations, like common uncertainties caused by reverse engineering.
The FILE handling is (fully functional, partially functional, not existing, read-only, ... whatever the current state is). Also add info of additional Wireshark features and limitations where appropriate.
Wireshark handles all capture file I/O in the wiretap library. You'll find further details about the libpcap file format in the source code files wiretap/FILE.c and .h
Example capture file
XXX - Add a simple example capture file to the SampleCaptures page and link from here (see below). Keep this file short, it's also a good idea to gzip it to make it even smaller, as Wireshark can open gzipped files automatically.
- add link to FILE specification and where to find additional info on the web about it, e.g.:
RFC 123 The RFC title - explanation of the RFC content.