Wireshark-users: [Wireshark-users] 答复: 答复: how can i open the package of iris saved
i have two package. wireshark.cap is the package that captured by
wireshark, I opened it with iris and saved to iris.cap. wireshark can't open
iris.cap.
The hope can have the help to you, of cource ,it is help me too. thanks
jackydi
2008-2-1
-----邮件原件-----
发件人: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] 代表 Guy Harris
发送时间: 2008年1月31日 17:02
收件人: Community support list for Wireshark
主题: Re: [Wireshark-users] 答复: how can i open the package of iris saved
dxf206_163 wrote:
> thanks for your help.
>
> but while i use capinfos, it tell me "capinfos: Can't open
e:\untitled.cap:
> The file isn't a capture file in a known format", i think ,before
> wireshark open a file, it use capinfos to get infomation from file,
No, it doesn't - but Wireshark and capinfos use the same code to read files,
so, if Wireshark can't read a file, capinfos can't, either.
As I said in my other mail, we would need to add code that can read Iris
files to the library used by Wireshark and capinfos (and TShark and
editcap) to read capture files. In order to do that, we'd need the
information the FAQ entry mentions, i.e. (quoting the FAQ)
we would either have to have a specification for the file format, or
the extensions, sufficient to give us enough information to read the parts
of the file relevant to Wireshark, or would need at least one capture file
in that format AND a detailed textual analysis of the packets in that
capture file (showing packet time stamps, packet lengths, and the top-level
packet header) in order to reverse-engineer the file format.
and note also that (again, quoting the FAQ)
there is no guarantee that we will be able to reverse-engineer a
capture file format.
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users