Capture File Format Reference
Ethereal supports a variety of capture file formats.
Some of these formats are well-documented and therefore well-known, like the libpcap / WinPcap format Ethereal uses natively.
Other formats were added to Ethereal by reverse engineering, so support for them rests on "sophisticated guesswork". This is why support for these file types might be incomplete and inaccurate in some parts.
libpcap captures (TcpDump, Ethereal native and various other tools that use LibPcap)
snoop and atmsnoop captures
Shomiti/Finisar Surveyor captures
Novell LANalyzer captures
Microsoft Network Monitor captures
AIX's iptrace captures
Cinco Networks NetXRay captures
Network Associates Windows-based Sniffer captures
Network General/Network Associates DOS-based Sniffer (compressed or uncompressed) captures
AG Group/WildPackets EtherPeek/TokenPeek/AiroPeek/EtherHelp/PacketGrabber captures
RADCOM's WAN/LAN analyzer captures
Network Instruments Observer version 9 captures
Lucent/Ascend router debug output
HP-UX's nettl captures
Toshiba's ISDN routers dump output
the output from i4btrace from the ISDN4BSD project
traces from the EyeSDN USB S0
the output in IPLog format from the Cisco Secure Intrusion Detection System
pppd logs (pppdump format)
the output from VMS's TCPIPtrace/TCPtrace/UCX$TRACE utilities
the text output from the DBS Etherwatch VMS utility
Visual Networks' Visual UpTime traffic capture
the output from CoSine L2 debug
the output from Accellent's 5Views LAN agents
Endace Measurement Systems' ERF format captures
Linux Bluez Bluetooth stack hcidump -w traces
Tektronix K12/K15 captures
ASCII trace output from the IBM iSeries (AS/400) Ethernet Communications Trace
DCT2000 .out files
