sniffer (186675) | sniffer (226048) |
---|---|
1 2#------------------------------------------------------------------------------ | 1 2#------------------------------------------------------------------------------ |
3# $File: sniffer,v 1.18 2011/08/08 08:49:27 christos Exp $ |
|
3# sniffer: file(1) magic for packet capture files 4# 5# From: guy@alum.mit.edu (Guy Harris) 6# 7 8# 9# Microsoft Network Monitor 1.x capture files. 10# --- 57 unchanged lines hidden (view full) --- 68 69# 70# "libpcap" capture files. 71# (We call them "tcpdump capture file(s)" for now, as "tcpdump" is 72# the main program that uses that format, but there are other programs 73# that use "libpcap", or that use the same capture file format.) 74# 750 ubelong 0xa1b2c3d4 tcpdump capture file (big-endian) | 4# sniffer: file(1) magic for packet capture files 5# 6# From: guy@alum.mit.edu (Guy Harris) 7# 8 9# 10# Microsoft Network Monitor 1.x capture files. 11# --- 57 unchanged lines hidden (view full) --- 69 70# 71# "libpcap" capture files. 72# (We call them "tcpdump capture file(s)" for now, as "tcpdump" is 73# the main program that uses that format, but there are other programs 74# that use "libpcap", or that use the same capture file format.) 75# 760 ubelong 0xa1b2c3d4 tcpdump capture file (big-endian) |
77!:mime application/vnd.tcpdump.pcap |
|
76>4 beshort x - version %d 77>6 beshort x \b.%d 78>20 belong 0 (No link-layer encapsulation 79>20 belong 1 (Ethernet 80>20 belong 2 (3Mb Ethernet 81>20 belong 3 (AX.25 82>20 belong 4 (ProNET 83>20 belong 5 (CHAOS --- 48 unchanged lines hidden (view full) --- 132>20 belong 158 (Private use 11 133>20 belong 159 (Private use 12 134>20 belong 160 (Private use 13 135>20 belong 161 (Private use 14 136>20 belong 162 (Private use 15 137>20 belong 163 (802.11 with AVS header 138>16 belong x \b, capture length %d) 1390 ulelong 0xa1b2c3d4 tcpdump capture file (little-endian) | 78>4 beshort x - version %d 79>6 beshort x \b.%d 80>20 belong 0 (No link-layer encapsulation 81>20 belong 1 (Ethernet 82>20 belong 2 (3Mb Ethernet 83>20 belong 3 (AX.25 84>20 belong 4 (ProNET 85>20 belong 5 (CHAOS --- 48 unchanged lines hidden (view full) --- 134>20 belong 158 (Private use 11 135>20 belong 159 (Private use 12 136>20 belong 160 (Private use 13 137>20 belong 161 (Private use 14 138>20 belong 162 (Private use 15 139>20 belong 163 (802.11 with AVS header 140>16 belong x \b, capture length %d) 1410 ulelong 0xa1b2c3d4 tcpdump capture file (little-endian) |
142!:mime application/vnd.tcpdump.pcap |
|
140>4 leshort x - version %d 141>6 leshort x \b.%d 142>20 lelong 0 (No link-layer encapsulation 143>20 lelong 1 (Ethernet 144>20 lelong 2 (3Mb Ethernet 145>20 lelong 3 (AX.25 146>20 lelong 4 (ProNET 147>20 lelong 5 (CHAOS --- 94 unchanged lines hidden (view full) --- 242>20 lelong 10 (FDDI 243>20 lelong 11 (RFC 1483 ATM 244>20 lelong 12 (raw IP 245>20 lelong 13 (BSD/OS SLIP 246>20 lelong 14 (BSD/OS PPP 247>16 lelong x \b, capture length %d) 248 249# | 143>4 leshort x - version %d 144>6 leshort x \b.%d 145>20 lelong 0 (No link-layer encapsulation 146>20 lelong 1 (Ethernet 147>20 lelong 2 (3Mb Ethernet 148>20 lelong 3 (AX.25 149>20 lelong 4 (ProNET 150>20 lelong 5 (CHAOS --- 94 unchanged lines hidden (view full) --- 245>20 lelong 10 (FDDI 246>20 lelong 11 (RFC 1483 ATM 247>20 lelong 12 (raw IP 248>20 lelong 13 (BSD/OS SLIP 249>20 lelong 14 (BSD/OS PPP 250>16 lelong x \b, capture length %d) 251 252# |
253# "pcap-ng" capture files. 254# http://www.winpcap.org/ntar/draft/PCAP-DumpFileFormat.html 255# Pcap-ng files can contain multiple sections. Printing the endianness, 256# snaplen, or other information from the first SHB may be misleading. 257# 2580 ubelong 0x0a0d0d0a 259>8 ubelong 0x1a2b3c4d pcap-ng capture file 260>>12 beshort x - version %d 261>>14 beshort x \b.%d 2620 ulelong 0x0a0d0d0a 263>8 ulelong 0x1a2b3c4d pcap-ng capture file 264>>12 leshort x - version %d 265>>14 leshort x \b.%d 266 267# |
|
250# AIX "iptrace" capture files. 251# 2520 string iptrace\ 1.0 "iptrace" capture file 2530 string iptrace\ 2.0 "iptrace" capture file 254 255# 256# Novell LANalyzer capture files. 257# --- 40 unchanged lines hidden --- | 268# AIX "iptrace" capture files. 269# 2700 string iptrace\ 1.0 "iptrace" capture file 2710 string iptrace\ 2.0 "iptrace" capture file 272 273# 274# Novell LANalyzer capture files. 275# --- 40 unchanged lines hidden --- |
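Review bot: the `!:mime application/vnd.tcpdump.pcap` annotation is added under both `0xa1b2c3d4` tests (new lines 77 and 142), but the pcap-ng entries introduced in the same revision carry no `!:mime` line. `file --mime-type` will therefore name a type for classic libpcap captures and fall back to its default for pcap-ng, which matters to anything that filters or routes capture files on that output. Either add a `!:mime` line under the two `>8 ... 0x1a2b3c4d` tests if a type is intended there, or add a comment in the pcap-ng block saying the omission is deliberate. A one-line comment in the "libpcap" block noting that the same type is reported for both byte orders would also help.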
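Review bot: in the pcap-ng block (new lines 253 to 265) the comment says that printing information from the first SHB may be misleading, yet `>>12 beshort x - version %d` and `>>14 beshort x \b.%d` (and the matching `leshort` pair) print the version taken from that first SHB. Extend the comment to say the version is printed on purpose and describes the first section only, or drop those lines. As a style point, `0x0a0d0d0a` reads the same in either byte order, so the `ubelong` and `ulelong` tests at offset 0 match identical bytes and only the `>8` test tells the two cases apart. A single offset-0 test with both `>8` children under it would state that directly and avoid evaluating the same comparison twice.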