[Fed-Talk] FYI: tcpdump format
[Fed-Talk] FYI: tcpdump format
- Subject: [Fed-Talk] FYI: tcpdump format
- From: Todd Heberlein <email@hidden>
- Date: Wed, 14 Jan 2015 14:40:52 -0800
Just a little FYI for those who use tcpdump.
I’m not sure when, but Apple’s tcpdump file format (e.g., using the -w <filename> option) changed from the old pcap format to a “next generation” format, pcapng.
As long as you are saving packet data and reading it back on the same machine or same software, you should be fine. But older software (e.g., a lot of things over 2 years old) might not be able to read in the new data file.
As far as I can tell, I cannot force tcpdump to save in the old pcap format.
Todd
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden