reading capture file into ethereal
Matt Morgan
minxmertzmomo at gmail.com
Wed Apr 27 16:45:45 UTC 2005
I have a debian server with no gui. I need to analyze some tcp traffic
there, so I ran tethereal and sent the output to a file in libpcap
format. Here are the first few lines of the output:
435.917846 jasmine.brooklynmuseum.org -> 192.168.4.11 TCP 59474 > 3001
[SYN] Seq=2566198018 Ack=0 Win=5840 Len=0 MSS=1460 TSV=438910965
TSER=0 WS=0
435.950570 192.168.4.11 -> jasmine.brooklynmuseum.org TCP 3001 > 59474
[SYN, ACK] Seq=3354128481 Ack=2566198019 Win=2047 Len=0 MSS=1024
435.950640 jasmine.brooklynmuseum.org -> 192.168.4.11 TCP 59474 > 3001
[ACK] Seq=2566198019 Ack=3354128482 Win=5840 Len=0
435.951200 jasmine.brooklynmuseum.org -> 192.168.4.11 TCP 59474 > 3001
[PSH, ACK] Seq=2566198019 Ack=3354128482 Win=5840 Len=5
435.951280 jasmine.brooklynmuseum.org -> 192.168.4.11 TCP 59474 > 3001
[FIN, PSH, ACK] Seq=2566198024 Ack=3354128482 Win=5840 Len=2
I am no ethereal expert, but I thought that I should then be able to
take this file and open it in ethereal (the gui version) on my
workstation so I could analyze it. However, when I try, I get the
error
'The file "eth_output_3001" isn't a capture file in a format Ethereal
understands.'
What am I doing wrong?
Thanks,
Matt
More information about the fedora-list
mailing list