Hi, I've saved a log in a .pcap file, but I have to work with Sawmill Universal Analysis, and every time I load the file the program shows this message: "This log data appears to be in Wireshark, Ethereal, or tcpdump Binary Log Format, which is a binary format not supported directly by Sawmill (Sawmill processes text files, and does not support binary formats). You can still analyze this data with Sawmill, but you need to export to a text format first, using the "Export as Plain Text File" dialog box in Wireshark or Ethereal, or using the tcpdump command line tool (tcpdump -r binaryfile.dat -tt > textlog.txt). The resulting file should be autodetected as a tcpdump (-tt) log when you create a profile; choose that format when prompted."
asked 27 Oct '15, 12:59 buddhaa11, edited 27 Oct '15, 13:30 Guy Harris ♦♦
One Answer:
If you're on a UN*X (Linux, *BSD, OS X, Solaris, HP-UX, AIX, etc.), then either your system comes with tcpdump, provides it as an optional install, or has a third-party package available, such as the package on the HP-UX Porting and Archive Centre. So, on a UN*X, if your capture file is called "foo.pcap", you could do
    tcpdump -r foo.pcap -tt > foo.txt
and supply "foo.txt" to Sawmill. If you're on Windows, WinDump, a port of tcpdump to Windows, is available. So, if you're on Windows you could download WinDump, make sure your path includes the directory containing WinDump, and do
    WinDump -r foo.pcap -tt > foo.txt
from the command prompt. See also this answer to a similar question.
answered 27 Oct '15, 13:29 Guy Harris ♦♦
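As an added illustration (not part of the original question or answer), the Python below does in miniature what `tcpdump -r foo.pcap -tt` does for Sawmill: it checks the capture file's magic number (which is what Sawmill's autodetector keys on when it reports a binary format), walks the classic pcap record headers, and writes one text line per packet with an epoch-seconds timestamp. The sample capture is constructed inline, the frame decoder only handles Ethernet/IPv4 with TCP or UDP ports, and the output follows the shape of tcpdump's lines rather than reproducing them exactly. pcapng files (Wireshark's default save format since 1.8) are deliberately refused here; tcpdump and WinDump read them, so use the real tool for the actual conversion.

```python
"""Minimal pcap -> 'tcpdump -tt'-style text converter (added example).

Shows why a .pcap is rejected by a text-only log analyser and what the
text form that Sawmill autodetects looks like.  Sample data is constructed
inline; nothing here was captured from a real network.
"""
import struct

# Classic libpcap global-header magic numbers -> (byte order, ticks per second).
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", 1_000_000),      # little-endian, microseconds
    b"\xa1\xb2\xc3\xd4": (">", 1_000_000),      # big-endian, microseconds
    b"\x4d\x3c\xb2\xa1": ("<", 1_000_000_000),  # little-endian, nanoseconds
    b"\xa1\xb2\x3c\x4d": (">", 1_000_000_000),  # big-endian, nanoseconds
}
PCAPNG_MAGIC = b"\x0a\x0d\x0d\x0a"  # pcapng Section Header Block type
LINKTYPE_ETHERNET = 1


def classify(data: bytes) -> str:
    """Report the container format from the first four bytes, the same check
    a format autodetector performs before parsing anything."""
    if data[:4] in PCAP_MAGICS:
        return "pcap"
    if data[:4] == PCAPNG_MAGIC:
        return "pcapng"
    return "other"  # plain text, or something this example does not know


def _ipv4(addr: bytes) -> str:
    return ".".join(str(b) for b in addr)


def describe_ethernet_frame(frame: bytes) -> str:
    """Summarise an Ethernet/IPv4 frame; ports are decoded for TCP and UDP only.
    'length' is the IPv4 payload length, i.e. bytes after the IP header."""
    if len(frame) < 34:  # 14-byte Ethernet + 20-byte minimal IPv4 header
        return "truncated"
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        return "ethertype 0x%04x" % ethertype
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len, proto = struct.unpack("!H", ip[2:4])[0], ip[9]
    src, dst = _ipv4(ip[12:16]), _ipv4(ip[16:20])
    l4 = ip[ihl:]
    if proto in (6, 17) and len(l4) >= 4:
        sport, dport = struct.unpack("!HH", l4[:4])
        name = "TCP" if proto == 6 else "UDP"
        return "IP %s.%d > %s.%d: %s, length %d" % (src, sport, dst, dport, name, total_len - ihl)
    return "IP %s > %s: proto %d, length %d" % (src, dst, proto, total_len - ihl)


def pcap_to_tt_lines(data: bytes) -> list:
    """Turn a classic pcap byte string into one text line per packet, prefixed
    with an epoch-seconds timestamp the way `tcpdump -tt` prints it."""
    if classify(data) != "pcap":
        raise ValueError("not a classic pcap file (convert pcapng with tcpdump/Wireshark first)")
    endian, ticks = PCAP_MAGICS[data[:4]]
    _magic, vmaj, vmin, _tz, _sigfigs, _snaplen, linktype = struct.unpack(endian + "IHHiIII", data[:24])
    if (vmaj, vmin) != (2, 4):
        raise ValueError("unexpected pcap version %d.%d" % (vmaj, vmin))
    digits = 6 if ticks == 1_000_000 else 9
    lines, off = [], 24
    while off + 16 <= len(data):
        # Per-packet record header: ts_sec, ts_frac, captured length, original length.
        ts_sec, ts_frac, caplen, _origlen = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        pkt = data[off:off + caplen]
        if len(pkt) < caplen:
            raise ValueError("truncated packet record at offset %d" % off)
        off += caplen
        body = describe_ethernet_frame(pkt) if linktype == LINKTYPE_ETHERNET else "linktype %d" % linktype
        lines.append(f"{ts_sec}.{ts_frac:0{digits}d} {body}")
    return lines


def build_sample_pcap() -> bytes:
    """Constructed test data: one UDP/IPv4 datagram (10.0.0.1:40000 -> 10.0.0.2:53)
    inside a little-endian, microsecond-resolution pcap file."""
    payload = b"hello"
    udp = struct.pack("!HHHH", 40000, 53, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, 64, 17, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])) + udp
    frame = b"\x00" * 6 + b"\x00" * 5 + b"\x01" + struct.pack("!H", 0x0800) + ip
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    record = struct.pack("<IIII", 1445972365, 123456, len(frame), len(frame))
    return header + record + frame


if __name__ == "__main__":
    sample = build_sample_pcap()
    print("detected:", classify(sample))
    for line in pcap_to_tt_lines(sample):
        print(line)
```

The first check is the one worth keeping in your own tooling: a capture that starts with `0a 0d 0d 0a` is pcapng, not classic pcap, and a converter that assumes the libpcap layout will misread it silently unless it refuses up front. The real `tcpdump -r` handles both; this example refuses pcapng so the failure is visible.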