daecks
asked on
Sniffer .enc file format
Hi all,
I've been given the task of writing a sniffer-like tool that, among other things, saves files in the .enc etherpeek compatible file format. Firstly though, I need to determine whether the customised information I'll be grabbing off the network has everything I require to actually produce a proper .enc file before I go and code it. I found this link: http://www.networkuptime.com/tips/file_formats/ which says "original Ethernet trace file format is detailed in the Sniffer documentation" but the link to that file is dead. Does anyone know where I can find this info or at least give a quick breakdown of the file structure? My Google searches so far have been less than fruitful :-(
Thanks,
daecks
ASKER
Thanks for your help tropsmr2
Also, found a working link to the document in the source code: http://www.nai.com/common/media/sniffer/support/sdos/operation.pdf
cheers,
daecks
Glad to hear that you're on your way! Cheers and best of luck with your project...troy
http://www.ethereal.com/development.html
PS: Why write the program when you could employ Ethereal for nothing?