1
2#------------------------------------------------------------------------------
3# sniffer: file(1) magic for packet capture files
4#
5# From: guy@alum.mit.edu (Guy Harris)
6#
7
8#
9# Microsoft Network Monitor 1.x capture files.
10#
--- 57 unchanged lines hidden (view full) ---
68
69#
70# "libpcap" capture files.
71# (We call them "tcpdump capture file(s)" for now, as "tcpdump" is
72# the main program that uses that format, but there are other programs
73# that use "libpcap", or that use the same capture file format.)
74#
750 ubelong 0xa1b2c3d4 tcpdump capture file (big-endian)
76>4 beshort x - version %d
77>6 beshort x \b.%d
78>20 belong 0 (No link-layer encapsulation
79>20 belong 1 (Ethernet
80>20 belong 2 (3Mb Ethernet
81>20 belong 3 (AX.25
82>20 belong 4 (ProNET
83>20 belong 5 (CHAOS
--- 48 unchanged lines hidden (view full) ---
132>20 belong 158 (Private use 11
133>20 belong 159 (Private use 12
134>20 belong 160 (Private use 13
135>20 belong 161 (Private use 14
136>20 belong 162 (Private use 15
137>20 belong 163 (802.11 with AVS header
138>16 belong x \b, capture length %d)
1390 ulelong 0xa1b2c3d4 tcpdump capture file (little-endian)
140>4 leshort x - version %d
141>6 leshort x \b.%d
142>20 lelong 0 (No link-layer encapsulation
143>20 lelong 1 (Ethernet
144>20 lelong 2 (3Mb Ethernet
145>20 lelong 3 (AX.25
146>20 lelong 4 (ProNET
147>20 lelong 5 (CHAOS
--- 94 unchanged lines hidden (view full) ---
242>20 lelong 10 (FDDI
243>20 lelong 11 (RFC 1483 ATM
244>20 lelong 12 (raw IP
245>20 lelong 13 (BSD/OS SLIP
246>20 lelong 14 (BSD/OS PPP
247>16 lelong x \b, capture length %d)
248
249#
250# AIX "iptrace" capture files.
251#
2520 string iptrace\ 1.0 "iptrace" capture file
2530 string iptrace\ 2.0 "iptrace" capture file
254
255#
256# Novell LANalyzer capture files.
257#
--- 40 unchanged lines hidden ---
2#------------------------------------------------------------------------------
3# sniffer: file(1) magic for packet capture files
4#
5# From: guy@alum.mit.edu (Guy Harris)
6#
7
8#
9# Microsoft Network Monitor 1.x capture files.
10#
--- 57 unchanged lines hidden (view full) ---
68
69#
70# "libpcap" capture files.
71# (We call them "tcpdump capture file(s)" for now, as "tcpdump" is
72# the main program that uses that format, but there are other programs
73# that use "libpcap", or that use the same capture file format.)
74#
750 ubelong 0xa1b2c3d4 tcpdump capture file (big-endian)
76>4 beshort x - version %d
77>6 beshort x \b.%d
78>20 belong 0 (No link-layer encapsulation
79>20 belong 1 (Ethernet
80>20 belong 2 (3Mb Ethernet
81>20 belong 3 (AX.25
82>20 belong 4 (ProNET
83>20 belong 5 (CHAOS
--- 48 unchanged lines hidden (view full) ---
132>20 belong 158 (Private use 11
133>20 belong 159 (Private use 12
134>20 belong 160 (Private use 13
135>20 belong 161 (Private use 14
136>20 belong 162 (Private use 15
137>20 belong 163 (802.11 with AVS header
138>16 belong x \b, capture length %d)
1390 ulelong 0xa1b2c3d4 tcpdump capture file (little-endian)
140>4 leshort x - version %d
141>6 leshort x \b.%d
142>20 lelong 0 (No link-layer encapsulation
143>20 lelong 1 (Ethernet
144>20 lelong 2 (3Mb Ethernet
145>20 lelong 3 (AX.25
146>20 lelong 4 (ProNET
147>20 lelong 5 (CHAOS
--- 94 unchanged lines hidden (view full) ---
242>20 lelong 10 (FDDI
243>20 lelong 11 (RFC 1483 ATM
244>20 lelong 12 (raw IP
245>20 lelong 13 (BSD/OS SLIP
246>20 lelong 14 (BSD/OS PPP
247>16 lelong x \b, capture length %d)
248
249#
250# AIX "iptrace" capture files.
251#
2520 string iptrace\ 1.0 "iptrace" capture file
2530 string iptrace\ 2.0 "iptrace" capture file
254
255#
256# Novell LANalyzer capture files.
257#
--- 40 unchanged lines hidden ---