Wireshark Pcap File Viewer


I have a raw tcpdump text file like

    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
    17:82 IP 1.4.0.2.50425 >1.4.1.75.8009: P:(612) ack win 602
    17:53 IP 1.4.0.2.50425 >1.4.1.75.8009: P 612:1401(789) ack 1 win 602

where Wireshark responds to opening the file with 'The file 'xxxxx' isn't a capture file in a format Wireshark understands.' Do you have a converter? Or something that will assist me?

Wireshark File Format

As the output of tcpdump was its text-mode output, the only information available in the file is the information tcpdump printed; even if it were possible to convert that file to a pcap file, the pcap file would not contain any more information than is available in the printout - the TCP payload of the two packets you showed, for example, is permanently lost and you will not ever be able to get it back. If you need that information in order to solve a problem, you're out of luck.

At best, you can try to get another trace, if whatever problem you're trying to diagnose can be made to happen again, and this time have them use tcpdump with the -w option, so that it writes out a pcap file. They should also use -s 0 in the tcpdump command, so that they get the full packet data. Apple have on how to take network traces; it discusses this from the point of view of an OS X user, and mentions some OS X-only tools, but it also mentions tcpdump in the 'Getting Started With tcpdump' section, and that section applies to other UN*Xes, once you replace 'If you're running on a system prior to OS X 10.6' with 'If you're using tcpdump 0.x or 1.0.x' and 'on OS X 10.6 and later' with 'with tcpdump 1.1.0 and later', and replace the stuff talking about the -i option with whatever is appropriate for your OS and machine. That note mentions both -w and -s 0, as they are very important for getting traces to be sent to somebody else to analyze.
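A way to check, before sending a trace to someone, whether a file is a real capture and whether its packets were cut short by the capture size. This is an added example, not part of the original question or answer; the function names and the sample bytes (a one-packet pcap with an assumed 843-byte frame) are constructed for illustration.

```python
import struct

# Magic numbers of the classic pcap format (value is the struct byte order).
PCAP_MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",   # microseconds
               b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}   # nanoseconds
PCAPNG_MAGIC = b"\x0a\x0d\x0d\x0a"  # pcapng Section Header Block type

# Constructed sample: the start of tcpdump's printed (text-mode) output.
TEXT_OUTPUT = b"tcpdump: verbose output suppressed, use -v or -vv for full protocol decode\n"


def build_sample_pcap(snaplen: int, frame_len: int) -> bytes:
    """Constructed one-packet pcap, as 'tcpdump -w' would lay it out (payload zeroed)."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)  # 1 = Ethernet
    captured = min(snaplen, frame_len)
    record = struct.pack("<IIII", 0, 0, captured, frame_len) + b"\x00" * captured
    return header + record


def inspect_capture(data: bytes) -> dict:
    """Classify a file's bytes; for classic pcap, count packets cut by the snaplen."""
    magic = data[:4]
    if magic == PCAPNG_MAGIC:
        return {"format": "pcapng"}
    if magic not in PCAP_MAGICS or len(data) < 24:
        # Printed tcpdump output ends up here: it is text, not a capture file.
        return {"format": "not a capture file"}
    order = PCAP_MAGICS[magic]
    _, _, _, _, snaplen, linktype = struct.unpack(order + "HHiIII", data[4:24])
    offset, packets, truncated = 24, 0, 0
    while offset + 16 <= len(data):
        _, _, incl_len, orig_len = struct.unpack(order + "IIII", data[offset:offset + 16])
        packets += 1
        truncated += incl_len < orig_len  # bytes on the wire that were never saved
        offset += 16 + incl_len
    return {"format": "pcap", "snaplen": snaplen, "linktype": linktype,
            "packets": packets, "truncated": truncated}


if __name__ == "__main__":
    print(inspect_capture(TEXT_OUTPUT))                     # the text printout
    print(inspect_capture(build_sample_pcap(96, 843)))      # capture size 96 bytes
    print(inspect_capture(build_sample_pcap(262144, 843)))  # whole frame saved
```

To check a file on disk, pass its contents: inspect_capture(open(path, "rb").read()).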

This entry was posted on 4/27/2018.