sniffer (186675) sniffer (226048)
1
2#------------------------------------------------------------------------------
1
2#------------------------------------------------------------------------------
3# $File: sniffer,v 1.18 2011/08/08 08:49:27 christos Exp $
3# sniffer: file(1) magic for packet capture files
4#
5# From: guy@alum.mit.edu (Guy Harris)
6#
7
8#
9# Microsoft Network Monitor 1.x capture files.
10#

--- 57 unchanged lines hidden (view full) ---

68
69#
70# "libpcap" capture files.
71# (We call them "tcpdump capture file(s)" for now, as "tcpdump" is
72# the main program that uses that format, but there are other programs
73# that use "libpcap", or that use the same capture file format.)
74#
750 ubelong 0xa1b2c3d4 tcpdump capture file (big-endian)
4# sniffer: file(1) magic for packet capture files
5#
6# From: guy@alum.mit.edu (Guy Harris)
7#
8
9#
10# Microsoft Network Monitor 1.x capture files.
11#

--- 57 unchanged lines hidden (view full) ---

69
70#
71# "libpcap" capture files.
72# (We call them "tcpdump capture file(s)" for now, as "tcpdump" is
73# the main program that uses that format, but there are other programs
74# that use "libpcap", or that use the same capture file format.)
75#
760 ubelong 0xa1b2c3d4 tcpdump capture file (big-endian)
77!:mime application/vnd.tcpdump.pcap
76>4 beshort x - version %d
77>6 beshort x \b.%d
78>20 belong 0 (No link-layer encapsulation
79>20 belong 1 (Ethernet
80>20 belong 2 (3Mb Ethernet
81>20 belong 3 (AX.25
82>20 belong 4 (ProNET
83>20 belong 5 (CHAOS

--- 48 unchanged lines hidden (view full) ---

132>20 belong 158 (Private use 11
133>20 belong 159 (Private use 12
134>20 belong 160 (Private use 13
135>20 belong 161 (Private use 14
136>20 belong 162 (Private use 15
137>20 belong 163 (802.11 with AVS header
138>16 belong x \b, capture length %d)
1390 ulelong 0xa1b2c3d4 tcpdump capture file (little-endian)
78>4 beshort x - version %d
79>6 beshort x \b.%d
80>20 belong 0 (No link-layer encapsulation
81>20 belong 1 (Ethernet
82>20 belong 2 (3Mb Ethernet
83>20 belong 3 (AX.25
84>20 belong 4 (ProNET
85>20 belong 5 (CHAOS

--- 48 unchanged lines hidden (view full) ---

134>20 belong 158 (Private use 11
135>20 belong 159 (Private use 12
136>20 belong 160 (Private use 13
137>20 belong 161 (Private use 14
138>20 belong 162 (Private use 15
139>20 belong 163 (802.11 with AVS header
140>16 belong x \b, capture length %d)
1410 ulelong 0xa1b2c3d4 tcpdump capture file (little-endian)
142!:mime application/vnd.tcpdump.pcap
140>4 leshort x - version %d
141>6 leshort x \b.%d
142>20 lelong 0 (No link-layer encapsulation
143>20 lelong 1 (Ethernet
144>20 lelong 2 (3Mb Ethernet
145>20 lelong 3 (AX.25
146>20 lelong 4 (ProNET
147>20 lelong 5 (CHAOS

--- 94 unchanged lines hidden (view full) ---

242>20 lelong 10 (FDDI
243>20 lelong 11 (RFC 1483 ATM
244>20 lelong 12 (raw IP
245>20 lelong 13 (BSD/OS SLIP
246>20 lelong 14 (BSD/OS PPP
247>16 lelong x \b, capture length %d)
248
249#
143>4 leshort x - version %d
144>6 leshort x \b.%d
145>20 lelong 0 (No link-layer encapsulation
146>20 lelong 1 (Ethernet
147>20 lelong 2 (3Mb Ethernet
148>20 lelong 3 (AX.25
149>20 lelong 4 (ProNET
150>20 lelong 5 (CHAOS

--- 94 unchanged lines hidden (view full) ---

245>20 lelong 10 (FDDI
246>20 lelong 11 (RFC 1483 ATM
247>20 lelong 12 (raw IP
248>20 lelong 13 (BSD/OS SLIP
249>20 lelong 14 (BSD/OS PPP
250>16 lelong x \b, capture length %d)
251
252#
253# "pcap-ng" capture files.
254# http://www.winpcap.org/ntar/draft/PCAP-DumpFileFormat.html
255# Pcap-ng files can contain multiple sections. Printing the endianness,
256# snaplen, or other information from the first SHB may be misleading.
257#
2580 ubelong 0x0a0d0d0a
259>8 ubelong 0x1a2b3c4d pcap-ng capture file
260>>12 beshort x - version %d
261>>14 beshort x \b.%d
2620 ulelong 0x0a0d0d0a
263>8 ulelong 0x1a2b3c4d pcap-ng capture file
264>>12 leshort x - version %d
265>>14 leshort x \b.%d
266
267#
250# AIX "iptrace" capture files.
251#
2520 string iptrace\ 1.0 "iptrace" capture file
2530 string iptrace\ 2.0 "iptrace" capture file
254
255#
256# Novell LANalyzer capture files.
257#

--- 40 unchanged lines hidden ---
268# AIX "iptrace" capture files.
269#
2700 string iptrace\ 1.0 "iptrace" capture file
2710 string iptrace\ 2.0 "iptrace" capture file
272
273#
274# Novell LANalyzer capture files.
275#

--- 40 unchanged lines hidden ---
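Review bot: The new pcap-ng entries (new lines 258–265) carry no `!:mime` line, although the same change adds `!:mime application/vnd.tcpdump.pcap` to both tcpdump entries (new lines 77 and 142). Anything that routes or filters captures by `file --mime-type` would presumably see pcap-ng files as a generic type, so they can slip past handling meant for capture files; consider a `!:mime <pcap-ng-type-placeholder>` line directly after each `pcap-ng capture file` test once a type is chosen. A comment above the two offset-0 tests would also help, e.g. `# 0x0a0d0d0a reads the same in either byte order; the magic at offset 8 picks the branch`, because the `ubelong` and `ulelong` tests at offset 0 match identical bytes. Parts of the file are hidden on this page, so this covers only the visible lines.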