All binary network captures are in tcpdump format. The Honeynet Project recommends
that you use either Snort or Ethereal to read and analyze these files. To help you
decode the signatures, the following RFCs are provided. If you want to learn more
about decoding TCP/IP, we highly recommend the book TCP/IP Illustrated, Volume 1,
by Richard Stevens.