This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hi

I've saved a log in a .pcap file, but I have to work with Sawmill universal analysis, and every time I load the file, the program shows this message:

"This log data appears to be in Wireshark, Ethereal, or tcpdump Binary Log Format, which is a binary format not supported directly by Sawmill (Sawmill processes text files, and does not support binary formats). You can still analyze this data with Sawmill, but you need to export to a text format first, using the "Export as Plain Text File" dialog box in Wireshark or Ethereal, or using the tcpdump command line tool (tcpdump -r binaryfile.dat -tt > textlog.txt). The resulting file should be autodetected as a tcpdump (-tt) log when you create a profile; choose that format when prompted."

asked 27 Oct '15, 12:59

buddhaa11

edited 27 Oct '15, 13:30

Guy Harris ♦♦


If you're on a UN*X (Linux, *BSD, OS X, Solaris, HP-UX, AIX, etc.), then either your system comes with tcpdump, provides it as an optional install, or has a third-party package available, such as the package on the HP-UX Porting and Archive Centre.

So, on a UN*X, if your capture file is called "foo.pcap", you could do

tcpdump -r foo.pcap -tt >foo.txt

and supply "foo.txt" to Sawmill.

If you're on Windows, WinDump, a port of tcpdump to Windows, is available.

So, if you're on Windows you could download WinDump, make sure your path includes the directory containing WinDump, and do

windump -r foo.pcap -tt >foo.txt

from the command prompt.

See also this answer to a similar question.


answered 27 Oct '15, 13:29

Guy Harris ♦♦
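
As an added example (not part of the original answer and not tcpdump's own code), this Python reader shows what the binary pcap container holds and where the epoch timestamps printed by `-tt` come from. It emits only the timestamp and original packet length, not tcpdump's protocol decode; the function names and the two-packet sample capture are constructed for illustration.

```python
import io
import struct

# Magic numbers of the classic libpcap file format, as read big-endian.
MAGICS = {
    0xA1B2C3D4: (">", 1_000_000),      # big-endian file, microsecond timestamps
    0xD4C3B2A1: ("<", 1_000_000),      # little-endian file, microsecond timestamps
    0xA1B23C4D: (">", 1_000_000_000),  # big-endian file, nanosecond timestamps
    0x4D3CB2A1: ("<", 1_000_000_000),  # little-endian file, nanosecond timestamps
}

def pcap_to_tt_lines(stream):
    """Yield 'epoch.micros length N' text lines for each record in a pcap stream."""
    header = stream.read(24)  # global header: magic, version, zone, sigfigs, snaplen, linktype
    if len(header) < 24:
        raise ValueError("truncated pcap global header")
    magic = struct.unpack(">I", header[:4])[0]
    if magic == 0x0A0D0D0A:
        raise ValueError("pcapng file, not classic pcap")
    if magic not in MAGICS:
        raise ValueError("not a pcap file")
    endian, frac_per_sec = MAGICS[magic]
    while True:
        rec = stream.read(16)  # record header: ts_sec, ts_frac, incl_len, orig_len
        if not rec:
            return
        if len(rec) < 16:
            raise ValueError("truncated record header")
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(endian + "IIII", rec)
        data = stream.read(incl_len)  # captured bytes; skipped, not decoded
        if len(data) < incl_len:
            raise ValueError("truncated packet data")
        micros = ts_frac * 1_000_000 // frac_per_sec
        yield f"{ts_sec}.{micros:06d} length {orig_len}"

def build_sample():
    """Constructed two-packet little-endian capture (not real traffic)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    out += struct.pack("<IIII", 1445950740, 5, 4, 4) + b"\x00" * 4
    out += struct.pack("<IIII", 1445950741, 250000, 2, 60) + b"\x00" * 2
    return out

if __name__ == "__main__":
    for line in pcap_to_tt_lines(io.BytesIO(build_sample())):
        print(line)
```
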
