Daily Archives: 2007-12-04

Wireshark: Converting Solaris snoop captured data to libpcap format

Wireshark (formerly known as Ethereal) is a wonderful tool. One of the very useful things which it can do easily is convert Solaris “snoop” capture files to the libpcap format, which can be read by other packet analyzing tools, like tcpdump.

Here’s now I just converted a set of Solaris snoop files to pcap files, using the text-mode interface of Wireshark, the tshark utility:

bash$ for fname in *.snoop ; do \
        newname="${fname%%.snoop}.pcap" ; \
        tshark -r "${fname}" -w "${newname}" && \
            rm -f "${fname}" ; \
        echo "rc=$? ${fname} -> ${newname}" ; \
Advertisements

bmake: call for developers

The clean style and beauty of the BSD makefiles inspires a lot of people to ask me if there’s an up to date, portable way of installing BSD make on systems which are not running FreeBSD, i.e. Linux or Solaris. Continue reading