git.saurik.com Git - apple/file_cmds.git/blame - file/magdir/sniffer
file_cmds-60.tar.gz
Commit: 440bd198
#------------------------------------------------------------------------------
# sniffer:  file(1) magic for packet captured files
#
# From: guy@netapp.com (Guy Harris)
#
# Microsoft NetMon (packet capture/display program) capture files.
#
0	string		RTSS		NetMon capture file
>4	byte		x		- version %d
>5	byte		x		\b.%d
#
# Network General Sniffer capture files.
#
0	string		TRSNIFF\ data\ \ \ \ \032	Sniffer capture file
>23	leshort		x		- version %d
>25	leshort		x		\b.%d
>33	byte		x		(Format %d,
>32	byte		0		Token ring)
>32	byte		1		Ethernet)
>32	byte		2		ARCnet)
>32	byte		3		StarLAN)
>32	byte		4		PC Network broadband)
>32	byte		5		LocalTalk)
>32	byte		6		Znet)
#
# "libpcap" capture files.
# (We call them "tcpdump capture file(s)" for now, as "tcpdump" is
# the main program that uses that format, but there's also "tcpview",
# and there may be others in the future.)
#
0	ubelong		0xa1b2c3d4	tcpdump capture file (big-endian)
>4	beshort		x		- version %d
>6	beshort		x		\b.%d
>20	belong		0		(No link-layer encapsulation
>20	belong		1		(Ethernet
>20	belong		2		(3Mb Ethernet
>20	belong		3		(AX.25
>20	belong		4		(ProNet
>20	belong		5		(Chaos
>20	belong		6		(IEEE 802.x network
>20	belong		7		(ARCnet
>20	belong		8		(SLIP
>20	belong		9		(PPP
>20	belong		10		(FDDI
>20	belong		11		(RFC 1483 ATM
>16	belong		x		\b, capture length %d)
0	ulelong		0xa1b2c3d4	tcpdump capture file (little-endian)
>4	leshort		x		- version %d
>6	leshort		x		\b.%d
>20	lelong		0		(No link-layer encapsulation
>20	lelong		1		(Ethernet
>20	lelong		2		(3Mb Ethernet
>20	lelong		3		(AX.25
>20	lelong		4		(ProNet
>20	lelong		5		(Chaos
>20	lelong		6		(IEEE 802.x network
>20	lelong		7		(ARCnet
>20	lelong		8		(SLIP
>20	lelong		9		(PPP
>20	lelong		10		(FDDI
>20	lelong		11		(RFC 1483 ATM
>16	lelong		x		\b, capture length %d)