Sawmill Discussion Forum

Subject: "Support for Wireshark Logs?"
Conferences Pre-Sales Topic #654
Bill Dodd
unregistered user
Nov-02-06, 12:59 PM (PDT)
 
"Support for Wireshark Logs?"
 
When attempting to open files captured with Wireshark, Sawmill tells me that it does not support binary type files and to export them as plain text. In Wireshark, I go to file->export->file and it generates a text file. When attempting to open that file, Sawmill tells me the file is empty or in the wrong format. Does Sawmill support these Wireshark logs?

Thank you!
Bill


dgilmoreadmin
Member since Nov-18-04
2343 posts
Nov-02-06, 02:25 PM (PDT)
1. "RE: Support for Wireshark Logs?"
In response to message #0
 
LAST EDITED ON Nov-02-06 AT 02:26 PM (PDT)
 
OK, here's what I just did...

Save the capture as a libpcap (tcpdump, wireshark, etc.) format.

Then use tcpdump at the command line and run the following command:

tcpdump -tt -r /path/filename > output_file_name

Then point Sawmill to the output_file_name and Sawmill will autodetect the log format as:

tcpdump Log Format (-tt, with interface)

David
Sawmill Product Support Team
support@flowerfire.com


Jason Ingalls
unregistered user
Sep-27-07, 08:25 AM (PDT)
 
2. "RE: Support for Wireshark Logs?"
In response to message #1
 
FYI, if you are attempting this on a Windows 2k/XP machine, and need to convert a pcap file so that Sawmill can view your Wireshark logs, just go download WinDump from www.winpcap.org/windump/install/ and use the same command given in the above post. It seems to work just fine; it just takes a while for the DOS program to crunch through pcap files.

