Reading capture files

The File Open dialog box

The Ethereal File Open dialog box allows you to search for a capture file containing previously captured packets for display in Ethereal. Figure 16 shows an example of the Ethereal Open File Dialog box.

With this dialog box, you can perform the following actions:

1. Create directories with the Create Dir button.

2. Delete files with the Delete File button.

3. Rename files with the Rename File button.

4. Select files and directories with the directories and files list boxes and the file system heirarchy drop down box.

5. Specify a display filter with the Filter button and filter field. Clicking on the Filter button causes Ethereal to pop up the Filters dialog box (while is discussed further in the Section called Filtering packets while viewing).

6. Specify that MAC name resolution is to be performed for all MAC addresses in packets by clicking on the "Enable MAC name resolution" check button.

7. Specify that DNS name resolution is to be performed for all ip addresses in packets by clicking on the "Enable network name resolution" check button.

   	Note
   	Enabling network name resolution when your DNS server is unavailable may significantly slow ethereal while it waits for all of the DNS requests to time out

8. Specify that transport name resolution is to be performed for all transport (TCP/UDP port) addresses in packets by clicking on the "Enable transport name resolution" check button.

9. Type in the name of the capture file you wish to open, as a standard file name in your file system.

10. Click on OK to accept your selected file and open it. If Ethereal recognizes the capture format, it will display the packets read from the capture file in the packet list pane. If it does not recognize the capture format, it will display an error dialog box. After clicking OK, you can try another file.

11. Click on Cancel to go back to Ethereal and not load a capture file.