Fabiana Moreno wrote:

> I need your help. I have made captures with Wireshark and I was
> wondering if I can have the output with the same format as tcpdump?

To which format are you referring?

There are two formats that tcpdump writes - the text format that it
writes if you don't use the "-w" flag, and the binary format that it
writes if you use the "-w" flag. In addition, while most versions of
tcpdump write out files in the "standard" libpcap format, some versions,
such as versions on some older versions of some Linux distributions and
the version in AIX, write a different format.

Wireshark/TShark cannot write out the same text format that tcpdump
does. If, however, you save a capture from Wireshark, it will, unless
you explicitly told it to use some *other* format, write the capture out
in the same "standard" libpcap binary format that most versions of
tcpdump write out with the "-w" flag. Similarly, TShark, when run with
the "-w" flag, writes out the capture in the "standard" libpcap binary
format.

If you want the tcpdump *text* format, then, if you have a Wireshark
capture in binary format, have tcpdump read it, and don't pass the "-w"
flag to tcpdump.
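
The procedure in the reply above, as an added shell example that is not part of the original message: it checks which binary format a saved capture is in before handing it to tcpdump without "-w". The function names `capture_format` and `to_tcpdump_text` are hypothetical, and the magic numbers are the well-known libpcap/pcapng file magics rather than values from this thread; pcapng goes beyond the formats the reply mentions and is assumed readable by the installed tcpdump.

```shell
#!/bin/sh
# Added example (not from the original message): identify a capture file's
# binary format from its first four bytes, then print it as tcpdump text.

# capture_format FILE -> pcap | pcap-nsec | pcap-modified | pcapng | unknown
capture_format() {
    # First four bytes as lowercase hex with spacing removed, e.g. "d4c3b2a1".
    magic=$(od -An -N4 -tx1 "$1" | tr -d ' \n')
    case "$magic" in
        d4c3b2a1|a1b2c3d4) echo pcap ;;           # "standard" libpcap, either byte order
        4d3cb2a1|a1b23c4d) echo pcap-nsec ;;      # libpcap with nanosecond timestamps
        34cdb2a1|a1b2cd34) echo pcap-modified ;;  # variant written by patched libpcap on some older Linux distributions
        0a0d0d0a)          echo pcapng ;;         # pcapng section header block
        *)                 echo unknown ;;
    esac
}

# to_tcpdump_text FILE: read the capture with "-r" and no "-w", so tcpdump
# prints its text format. "-n" skips name resolution, so reading a capture
# from an untrusted source triggers no DNS lookups.
to_tcpdump_text() {
    fmt=$(capture_format "$1")
    case "$fmt" in
        pcap|pcap-nsec|pcapng)
            tcpdump -n -r "$1" ;;
        *)
            echo "$1: $fmt format; re-save it from Wireshark as libpcap first" >&2
            return 1 ;;
    esac
}

# Constructed sample: just the 4-byte magic of a little-endian libpcap file.
sample=$(mktemp)
printf '\324\303\262\241' > "$sample"
echo "sample header is: $(capture_format "$sample")"
rm -f "$sample"
```

With a real capture the call is `to_tcpdump_text capture.pcap > capture.txt`, where `capture.pcap` is a placeholder for the file saved from Wireshark.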