Message-ID: <008c01c1db01$fd3e8df0$0c765194@wil.waw.pl> From: "Marek Malowidzki" <malowidz@wil.waw.pl> Subject: Re: Win32 network monitor file format Date: Wed, 3 Apr 2002 13:23:32 +0200
Thank you all for suggestions.
Really, Ethereal's sources contain netmon.h and netmon.c files that perform cap
files decoding. In fact, extracting Ethernet frames from a cap file was not so
difficult - I could guess the format by looking at the bytes and comparing with
what netmon displayed. However, I would like to be able to prepare files for
netmon. Moreover, my guess was not completely correct and could fail under some
circumstances (that is what I see from netmon.h/c module).
Marek
----- Original Message -----
From: "Gregory Stark" <ghstark@pobox.com>
To: "Marek Malowidzki" <malowidz@wil.waw.pl>
Sent: Wednesday, April 03, 2002 2:14 AM
Subject: Re: Win32 network monitor file format
> Marek,
>
> Ethereal can read it. I believe Ethereal's wiretap library is the component
> to look at. Go to www.ethereal.com
>
>
>
> ======================
> Greg Stark
> ghstark@pobox.com
> ======================
>
>
> ----- Original Message -----
> From: "Marek Malowidzki" <malowidz@wil.waw.pl>
> To: <tcptrace@tcptrace.org>
> Sent: Tuesday, April 02, 2002 4:40 AM
> Subject: Win32 network monitor file format
>
>
> > Hi all,
> >
> > I have just subscribed to the list and I am looking for info about Win32
> Network
> > Monitor file format. Does tcptrace read it? If not, does anyone know the
> format
> > of this file? I could analyze it and guess much but still cannot guess
> some
> > details.
> >
> > Best regards
> >
> > Marek
----------------------------------------------------------------------------
To unsubscribe, send a message with body containing "unsubscribe tcptrace" to
majordomo@tcptrace.org.
This archive was generated by hypermail 2b30 : 04/03/02 EST