When you save a capture taken with Wireshark, there are these two formats.
Wikipedia's introduction: http://en.wikipedia.org/wiki/Libpcap
See also here:
http://www.mail-archive.com/wireshark-users@wireshark.org/msg02095.html
A "pcap file" is normally a capture file in libpcap format.
A "cap file" could be a file with the suffix ".cap", which could be any sort of file (nothing in any operating system enforces a particular file suffix being for a particular file format).
Most ".cap" files are probably capture files in various other formats, including Microsoft Network Monitor format, Windows Sniffer format, etc. - but some people might use ".cap" for libpcap-format capture files.
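Rough translation:
A pcap file mostly refers to
a capture file stored in libpcap format.
A cap file is a capture file stored in any of many formats.
It may be Microsoft Network Monitor format, Windows Sniffer format, and so on,
and it may also be libpcap format.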
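
Because the suffix says nothing reliable about the contents, the format has to be read from the file's first bytes. The following is an added example, not part of the original post or the quoted mailing-list reply: it classifies a capture by its leading magic bytes and, for libpcap, parses the 24-byte global header. The magic values and the names `identify_capture`, `identify_file` and `SAMPLE_CAP` are assumptions introduced here, not taken from the page.

```python
import struct

# Leading bytes of non-libpcap capture formats (file signatures supplied for
# this example; they do not appear on the page).
OTHER_MAGICS = {
    b"RTSS": "Microsoft Network Monitor 1.x",
    b"GMBU": "Microsoft Network Monitor 2.x",
    b"XCP\x00": "Windows Sniffer (NetXRay)",
    b"\x0a\x0d\x0d\x0a": "pcapng",
}
# libpcap magic as it appears on disk -> (struct byte order, timestamp unit)
PCAP_MAGICS = {
    b"\xa1\xb2\xc3\xd4": (">", "microseconds"),
    b"\xd4\xc3\xb2\xa1": ("<", "microseconds"),
    b"\xa1\xb2\x3c\x4d": (">", "nanoseconds"),
    b"\x4d\x3c\xb2\xa1": ("<", "nanoseconds"),
}

def identify_capture(header: bytes) -> dict:
    """Classify a capture file from its first 24 bytes, ignoring its suffix."""
    magic = header[:4]
    if magic in OTHER_MAGICS:
        return {"format": OTHER_MAGICS[magic]}
    if magic not in PCAP_MAGICS:
        return {"format": "unknown"}
    if len(header) < 24:
        return {"format": "libpcap", "error": "truncated global header"}
    order, unit = PCAP_MAGICS[magic]
    # Global header after the magic: version major/minor, timezone offset,
    # timestamp accuracy, snapshot length, link-layer type.
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
        order + "HHiIII", header[4:24])
    return {"format": "libpcap", "version": f"{major}.{minor}",
            "byte_order": "big" if order == ">" else "little",
            "timestamps": unit, "snaplen": snaplen, "linktype": linktype}

def identify_file(path: str) -> dict:
    """Read only the first 24 bytes of a file and classify it."""
    with open(path, "rb") as fh:
        return identify_capture(fh.read(24))

# Constructed sample: little-endian libpcap 2.4 header, snaplen 65535, Ethernet (1).
SAMPLE_CAP = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)

if __name__ == "__main__":
    print(identify_capture(SAMPLE_CAP))
    print(identify_capture(b"GMBU" + bytes(20)))
```
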