Here is what the help in my copy says.. Wanted to give a small pic but system wont let me... What it means is that you can write your own extractor... looks simple. The capture.bin file (located in your Port Explorer directory if you've used Socket Spy to capture data) is of a simple, custom format, and is documented here for programmers who may wish to make their own capture.bin analysis/viewing programs. Packets are stored in consecutive order in the capture.bin file, with each packet preceded by a header and filename. The header is stored with the process filename (with null terminating character) immediately following it, with the captured packet (of size dwBufsize) immediately following the filename, which is in turn followed by the next header and packet, and so on. C #pragma pack(1) struct SPYPACKET { DWORD headerID; //always "SPY_" DWORD pid; UCHAR sendrecv; //1 if sending 0 if receive UCHAR protocol; DWORD localaddr; USHORT localport; DWORD remoteaddr; USHORT remoteport; SPYTIME creation; //when this packet was sent/recvd USHORT bufsize; //length of filedata USHORT namesize; //length of filename DWORD footerID; //always 0x12345678 }; struct SPYTIME { unsigned day : 5; //day from 1-31 unsigned month : 4; //month from 1-12 unsigned year : 6; //2000 + whatever value in here unsigned hour : 5; //hour from 0-23 unsigned minute : 6; //minute from 1-59 unsigned second : 6; //second from 1-59 }; #pragma pack() SPYPACKET total size 34 bytes