[e2e] A simple question about handling the dump files
shaohe
3dfx232 at sohu.com
Thu Mar 2 02:15:50 PST 2006
Could someone please give me some advice about handling the tcp dump files? I'm working on an analysis of the network traffic. However, under the Windows environment, I cannot find any useful tool to visualize or handle the dump files conveniently.

Tcptrace, I know, is a common tool that analyzes network traffic and takes dump files as input. Unfortunately, it seems that what tcptrace does is very different from what I want.

Could somebody help me? Information related to the following topics would be valuable to me:

First, how can I display the dump file in an understandable style, or transform the binary format of the original dump file into a friendlier format, such as text? (Note: under Windows OS.)

Second, the output format of the dump file still confuses me. Do all records in the files have the same size in bytes? If so, what is the number of bytes?

In addition, I want to read one record at a time, but how do I judge the end of a record if the lengths of records of different protocols (e.g. TCP, UDP) are variable?

Thanks very much!!

Shaohe lv

Mar. 02 2006