Differences between revisions 6 and 7
Revision 6 as of 2006-06-05 03:19:15
Size: 2025
Editor: localhost
Comment:
Revision 7 as of 2008-04-12 17:50:14
Size: 2033
Editor: localhost
Comment: converted to 1.6 markup
Line 32: Line 32:
Wireshark handles all capture file I/O in the [http://anonsvn.wireshark.org/viewcvs/viewcvs.py/trunk/wiretap/ wiretap] library. You'll find further details about the libpcap file format in the source code files wiretap/FILE.c and .h :-) Wireshark handles all capture file I/O in the [[http://anonsvn.wireshark.org/viewcvs/viewcvs.py/trunk/wiretap/|wiretap]] library. You'll find further details about the libpcap file format in the source code files wiretap/FILE.c and .h :-)
Line 38: Line 38:
 * attachment:SampleCaptures/FILE.pcap  * [[attachment:SampleCaptures/FILE.pcap]]
Line 43: Line 43:
 * [http://www.ietf.org/rfc/rfc123.txt RFC 123] ''The RFC title'' - explanation of the RFC content.  * [[http://www.ietf.org/rfc/rfc123.txt|RFC 123]] ''The RFC title'' - explanation of the RFC content.
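Review bot: the sentence in the Line 32 hunk still reads "the libpcap file format" on both sides of the change, although it points at wiretap/FILE.c and the Line 38 hunk uses the FILE placeholder for the sample capture. Since this revision touches the line anyway, suggest "the FILE file format" so the text is replaced together with the other placeholders when the template is filled in.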

FILE format name (common FILE extension, e.g. .pcap)

This file tries to help you add a new capture file type to the wiki. Edit anything as appropriate to the specific file type and replace any appearance of FILE by your file format name (and remove this text line before saving!).

XXX - add a brief FILE description here

History

XXX - add a brief description of FILE history

Programs supporting this file type

Programs known to support this file type. Be specific here, as new program versions may change the file format without notice.

  • Wireshark, TShark, ...

How to create this file type

Optionally: special steps (probably not obvious) to create this type of file (special command line parameters, "official name" to be selected in the creation program, ...)

Timestamps

The timestamp resolution is (x ms, y us, z ns, variable from x to y, ...).

Add known limitations, like common uncertainties caused by reverse engineering.

Wireshark

The FILE handling is (fully functional, partially functional, not existing, read-only, ... whatever the current state is). Also add info of additional Wireshark features and limitations where appropriate.

Wireshark handles all capture file I/O in the wiretap library. You'll find further details about the libpcap file format in the source code files wiretap/FILE.c and .h :-)

Example capture file

XXX - Add a simple example capture file to the SampleCaptures page and link from here (see below). Keep this file short; it's also a good idea to gzip it to make it even smaller, as Wireshark can open gzipped files automatically.

  • add link to FILE specification and where to find additional info on the web about it, e.g.:
  • RFC 123 The RFC title - explanation of the RFC content.

Discussion

FileFormatTemplate (last edited 2008-04-12 17:50:14 by localhost)