BaurHome Software

• Home
• Eavesdrop
  • New Version
  • Release Notes
  • Screenshots
  • Documentation
    • Getting Started
    • Conversations
    • Global Graphs
    • External Captures
  • FAQ
• TiVo Butler
• Tool Kit Browser
• Index Dice
• Downloads

Opening an External Capture File

External capture files can be viewed in Eavesdrop. Any file in tcpdump format can be opened. This can be a file saved by tcpdump or Ethereal (saved in its native format). It does not have to be captured from a Mac originally, it can be from a Linux or Windows version of Ethereal, for example. In order to be recognized by the application, the file must have ".cap" as the extension.

Producing a Capture File

Capturing from the command line is much more efficient than using Eavesdrop directly. If you are planning on running a long capture, this may be more desirable than using a graphical tool. In order to produce a capture file from the command line, you can type:

sudo tcpdump -i en0 -s 65535 -w something.cap

This will capture from the first ethernet device, save all capture data and save it in the file "something.cap".