User Guide
File Input / Output and Printing
71
File formats have different time stamp accuracies!
Saving from the currently used file format to a different format may reduce the time stamp
accuracy; see the Section 7.4, “Time Stamps” for details.
The following file formats can be saved by Wireshark (with the known file extensions):
• libpcap, tcpdump and various other tools using tcpdump's capture format (*.pcap,*.cap,*.dmp)
• Accellent 5Views (*.5vw)
• HP-UX's nettl (*.TRC0,*.TRC1)
• Microsoft Network Monitor - NetMon (*.cap)
• Network Associates Sniffer - DOS (*.cap,*.enc,*.trc,*fdc,*.syc)
• Network Associates Sniffer - Windows (*.cap)
• Network Instruments Observer version 9 (*.bfr)
• Novell LANalyzer (*.tr1)
• Sun snoop (*.snoop,*.cap)
• Visual Networks Visual UpTime traffic (*.*)
• ... new file formats are added from time to time
If the above tools will be more helpful than Wireshark is a different question ;-)
Third party protocol analyzers may require specific file
extensions!
Other protocol analyzers than Wireshark may require that the file has a certain file extension
in order to read the files you generate with Wireshark, e.g.:
".cap" for Network Associates Sniffer - Windows
5.4. Merging capture files
Sometimes you need to merge several capture files into one. For example this can be useful, if you have
captured simultaneously from multiple interfaces at once (e.g. using multiple instances of Wireshark).
Merging capture files can be done in three ways:
• Use the menu item "Merge" from the "File" menu, to open the merge dialog, see Section 5.4.1, “The
"Merge with Capture File" dialog box”. This menu item will be disabled, until you have loaded a capture
file.
• Use drag-and-drop to drop multiple files on the main window. Wireshark will try to merge the packets
in chronological order from the dropped files into a newly created temporary file. If you drop only a
single file, it will simply replace a (maybe) existing one.