On Wed, Jan 31, 2001 at 02:00:51PM -0800, Guy Harris wrote:
> I personally use ".pcap" for libpcap files and ".snoop" for snoop files;
> note that there isn't *a* file extension to be used, as Ethereal can
> read a variety of file types, including file types from various Windows
> sniffer programs, e.g. Sniffers with ".enc" or ".trc" or..., and Network
> Monitor files with ".cap".
Ok, so perhaps we should adopt a widely accepted set of extensions. At
the very least, the "Open Capture File" dialog should at least allow me
to filter based on a chosen extension (similar to what Win32 does). If
I type "*.dmp" into the filename edit field, it attempts to open a file
called "*.dmp" instead of displaying the files that match the wildcard.
>
> > Along the same lines, what is the purpose of the "Filter" button on the
> > "Open Capture File" dialog? I am confused by the behaviour.
>
> It's for using a "read filter" when reading a capture file; a "read
> filter" is a display filter expression - if a "read filter" is used in
> Ethereal or Tethereal when reading a capture, only packets that match
> the filter are seen, others are discarded when reading.
Ahh, interesting... this will be useful.
Thanks,
Mike.
