Subject: Re: tcpdump file format
To: Yutaka KAWASE <yutaka@mailhost.net>
From: Rick Byers <rb-netbsd@BigScaryChildren.net>
List: netbsd-users
Date: 12/01/2001 01:34:25

You should be able to read it no problem.  I use tcpdump to capture
packets on my NetBSD box and then view them on my Linux box at work all
the time (although I usually use ethereal to view them, but tcpdump should
be able to handle them too).

Rick

On Sat, 1 Dec 2001, Yutaka KAWASE wrote:

> Date: Sat, 01 Dec 2001 04:07:43 +0900
> From: Yutaka KAWASE <yutaka@mailhost.net>
> To: netbsd-users@netbsd.org
> Subject: tcpdump file format
>
>
> Hi all,
>
> I wonder if I could read tcpdump output which was created with the -w
> option on a Linux box. I mean I can't do "tcpdump -r" on a NetBSD box.
>
> In particular, I did "tcpdump -w somefile" on a Red Hat 7.0 box and the
> 'somefile' is now on a NetBSD-1.5.2 box. Now it says,
>
>
> me@nbsd:~$ tcpdump -r somefile
> tcpdump: bad dump file format
> me@nbsd:~$ file somefile
> somefile: extended tcpdump capture file (little-endian) - version 2.4 (Ethernet, capture length 144)
> me@nbsd:~$
>
>
> I found a comment in /usr/share/misc/magic like this:
>
> #
> # "libpcap"-with-Alexey-Kuznetsov's-patches capture files.
> # (We call them "tcpdump capture file(s)" for now, as "tcpdump" is
> # the main program that uses that format, but there are other programs
> # that use "libpcap", or that use the same capture file format.)
> #
> 0       ubelong         0xa1b2cd34      extended tcpdump capture file (big-endian)
> >4      beshort         x               - version %d
> >6      beshort         x               \b.%d
> >20     belong          0               (No link-layer encapsulation
> >20     belong          1               (Ethernet
>
> [snip]
>
> 0       ulelong         0xa1b2cd34      extended tcpdump capture file (little-endian)
>
>
> Maybe I should apply Alexey Kuznetsov's patch and re-compile
> tcpdump in my home directory or somewhere but I don't know where I
> could find the patch.
>
> Can someone give me a clue?
>
> And what is this patch for, actually?
>
> --
> Yutaka KAWASE <me@yk.tp>
>
>
>
>
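
Added example, not part of the thread and not code from tcpdump or libpcap: Python code that reads the 24-byte capture file header at the offsets the quoted magic entries use and tells the standard libpcap magic 0xa1b2c3d4 apart from the extended 0xa1b2cd34. The function names and the sample header (built to match the file(1) output quoted above) are constructed for this example; the snaplen offset of 16 comes from the libpcap file header layout, not from the page.

```python
import struct

MAGIC_STANDARD = 0xA1B2C3D4  # classic libpcap savefile magic
MAGIC_EXTENDED = 0xA1B2CD34  # value from the quoted magic(5) entries
# Link types limited to the two named in the quoted magic entries.
LINKTYPES = {0: "No link-layer encapsulation", 1: "Ethernet"}
HEADER_LEN = 24  # magic, major, minor, thiszone, sigfigs, snaplen, linktype


def parse_pcap_header(data):
    """Return a dict describing the capture file header in `data`."""
    if len(data) < HEADER_LEN:
        raise ValueError("truncated file: header needs %d bytes" % HEADER_LEN)
    # The writer's byte order is unknown, so try both and let the magic decide.
    for prefix, order in (("<", "little-endian"), (">", "big-endian")):
        magic, major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
            prefix + "IHHiIII", data[:HEADER_LEN])
        if magic in (MAGIC_STANDARD, MAGIC_EXTENDED):
            return {
                "extended": magic == MAGIC_EXTENDED,
                "byte_order": order,
                "version": (major, minor),
                "snaplen": snaplen,
                "linktype": LINKTYPES.get(linktype, "link type %d" % linktype),
            }
    raise ValueError("unknown magic %s" % data[:4].hex())


def describe(data):
    """Render the header the way the quoted file(1) output does."""
    h = parse_pcap_header(data)
    kind = "extended tcpdump" if h["extended"] else "tcpdump"
    return "%s capture file (%s) - version %d.%d (%s, capture length %d)" % (
        kind, h["byte_order"], h["version"][0], h["version"][1],
        h["linktype"], h["snaplen"])


# Constructed sample: a header matching the file(1) output quoted above.
SAMPLE = struct.pack("<IHHiIII", MAGIC_EXTENDED, 2, 4, 0, 0, 144, 1)

if __name__ == "__main__":
    print(describe(SAMPLE))
```

This inspects only the file header and does not decode packet records.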