birdman

Reputation: 211

Wireshark output binary without extension

After capturing some packets with Wireshark, I want to keep a record of them, i.e. I want to generate a binary file with the captured packets. Therefore I click on File -> Save as.

Among the different extensions, you can select "Visual Networks traffic capture (.)", which apparently generates a binary file without an extension.

I have been unsuccessfully looking for more info about this type on the Internet. Can somebody tell me what this extension is? Is this file format compatible with both Windows and Linux?

Thanks.

Upvotes: 0

Views: 603

Answers (1)

user862787

Those files are from software from a company called Visual Networks:

http://web.archive.org/web/20010119000200/http://www.visualnetworks.com/

Fluke bought them in 2005:

http://www.washingtonpost.com/wp-dyn/content/article/2005/12/02/AR2005120201910.html

and they now appear to be owned by NetScout - if you try going to http://www.visualnetworks.com, you end up at NetScout's site.

The files are from their Visual UpTime software; support for those files was added back in 2001.

I can't find the documentation on any of their possibly-now-no-longer-offered software, so I don't know whether they put a standard extension on the files. Some of the files I have, from bugs and e-mail messages, have the extensions ".vn", ".cap", ".pkt", and ".vis", so I don't know which, if any, of those are the "standard" extension.

So Wireshark doesn't know what extension to put on the files, and doesn't provide one.

Extensions aren't "compatible" with OSes. File formats are compatible with programs that read the files; Wireshark can read Visual Networks files on all OSes on which it runs. And there isn't an extension for those files, anyway.

The Windows and OS X desktop environments tend to recognize file formats based on extensions, so, without an extension, you probably won't be able to open a file by double-clicking on it. Some free-software desktop environments used on OSes such as Linux may also look at the beginning of the file to determine the file type, and would be OK with files without an extension, and newer versions of the database they use have an entry for Visual Networks files - but they don't have a MIME media type for them, so Wireshark can't register as the reader for those files, so double-clicking probably won't work there, either.

So, to open one of those files from the GUI, you'd have to use the File -> Open menu item in Wireshark, or anything else in the GUI that lets you say "open this file with this program".

However, the native file formats for Wireshark are pcap and pcapng, and if you've captured traffic with Wireshark, you should really save them in pcap or pcapng format unless you want to read the capture in a program that doesn't understand pcap or pcapng but does understand some other format that Wireshark can write.

Upvotes: 1
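The answer's point that a capture file's type is decided by its leading bytes rather than its name, as an added example that is not part of the original answer. The pcap and pcapng magic values come from those formats' specifications; the Visual Networks signature (byte 0x05 followed by "VNF") is an assumption based on Wireshark's reader for that format, and the sample headers are constructed.

```python
import struct

# Leading bytes of each format. pcap and pcapng values are from their specs;
# the Visual Networks value is an assumption (see the lead-in).
PCAP_MAGICS = {0xA1B2C3D4: "microsecond", 0xA1B23C4D: "nanosecond"}
PCAPNG_SHB = b"\x0a\x0d\x0d\x0a"   # Section Header Block type
PCAPNG_BOM = 0x1A2B3C4D            # byte-order magic inside the SHB
VISUAL_MAGIC = b"\x05VNF"


def sniff_capture(header: bytes) -> str:
    """Classify a capture file from its first bytes, ignoring its name."""
    if len(header) < 4:
        return "unknown (too short)"
    if header[:4] == VISUAL_MAGIC:
        return "Visual Networks"
    if header[:4] == PCAPNG_SHB:
        if len(header) < 12:
            return "unknown (truncated pcapng header)"
        for order, name in (("<", "little"), (">", "big")):
            if struct.unpack(order + "I", header[8:12])[0] == PCAPNG_BOM:
                return f"pcapng ({name}-endian)"
        return "unknown (bad pcapng byte-order magic)"
    for order, name in (("<", "little"), (">", "big")):
        magic = struct.unpack(order + "I", header[:4])[0]
        if magic in PCAP_MAGICS:
            return f"pcap ({name}-endian, {PCAP_MAGICS[magic]})"
    return "unknown"


def sniff_file(path: str) -> str:
    """Read only the first 12 bytes of a file and classify it."""
    with open(path, "rb") as fh:
        return sniff_capture(fh.read(12))


# Constructed sample headers (not taken from real captures); the names show
# that a missing or misleading extension does not change the result.
SAMPLES = {
    "saved_without_extension": b"\x05VNF" + b"\x00" * 8,
    "trace.bin": struct.pack("<IHH", 0xA1B2C3D4, 2, 4) + b"\x00" * 4,
    "trace.txt": b"\x0a\x0d\x0d\x0a" + struct.pack(">II", 28, 0x1A2B3C4D),
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name}: {sniff_capture(data)}")
```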
