apple/file_cmds.git (file_cmds-60.tar.gz): file/magdir/sniffer

#------------------------------------------------------------------------------
# sniffer:  file(1) magic for packet captured files
#
# From: guy@netapp.com (Guy Harris)
#
# Microsoft NetMon (packet capture/display program) capture files.
#
0       string          RTSS            NetMon capture file
>4      byte            x               - version %d
>5      byte            x               \b.%d
#
# Network General Sniffer capture files.
#
0       string          TRSNIFF\ data\ \ \ \ \032       Sniffer capture file
>23     leshort         x               - version %d
>25     leshort         x               \b.%d
>33     byte            x               (Format %d,
>32     byte            0               Token ring)
>32     byte            1               Ethernet)
>32     byte            2               ARCnet)
>32     byte            3               StarLAN)
>32     byte            4               PC Network broadband)
>32     byte            5               LocalTalk)
>32     byte            6               Znet)
#
# "libpcap" capture files.
# (We call them "tcpdump capture file(s)" for now, as "tcpdump" is
# the main program that uses that format, but there's also "tcpview",
# and there may be others in the future.)
#
0       ubelong         0xa1b2c3d4      tcpdump capture file (big-endian)
>4      beshort         x               - version %d
>6      beshort         x               \b.%d
>20     belong          0               (No link-layer encapsulation
>20     belong          1               (Ethernet
>20     belong          2               (3Mb Ethernet
>20     belong          3               (AX.25
>20     belong          4               (ProNet
>20     belong          5               (Chaos
>20     belong          6               (IEEE 802.x network
>20     belong          7               (ARCnet
>20     belong          8               (SLIP
>20     belong          9               (PPP
>20     belong          10              (FDDI
>20     belong          11              (RFC 1483 ATM
>16     belong          x               \b, capture length %d)
0       ulelong         0xa1b2c3d4      tcpdump capture file (little-endian)
>4      leshort         x               - version %d
>6      leshort         x               \b.%d
>20     lelong          0               (No link-layer encapsulation
>20     lelong          1               (Ethernet
>20     lelong          2               (3Mb Ethernet
>20     lelong          3               (AX.25
>20     lelong          4               (ProNet
>20     lelong          5               (Chaos
>20     lelong          6               (IEEE 802.x network
>20     lelong          7               (ARCnet
>20     lelong          8               (SLIP
>20     lelong          9               (PPP
>20     lelong          10              (FDDI
>20     lelong          11              (RFC 1483 ATM
>16     lelong          x               \b, capture length %d)
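As an added example (not part of the file_cmds magic source), the rules above reimplemented in Python as a small capture-file classifier: it reads the same offsets and byte orders the magic lines specify (NetMon version bytes at 4-5, Sniffer version/net/format at 23-33, pcap magic at 0 with snaplen at 16 and link type at 20) and produces the same description string file(1) would print. The sample headers it builds are constructed for the demonstration; the identify_capture and sample_* names are this example's own.

```python
import struct

# LINKTYPE values 0-11 with the names the pcap magic rules print for them.
PCAP_LINKTYPES = {
    0: "No link-layer encapsulation", 1: "Ethernet", 2: "3Mb Ethernet",
    3: "AX.25", 4: "ProNet", 5: "Chaos", 6: "IEEE 802.x network",
    7: "ARCnet", 8: "SLIP", 9: "PPP", 10: "FDDI", 11: "RFC 1483 ATM",
}
# Network General Sniffer network type (byte at offset 32).
SNIFFER_NETS = {0: "Token ring", 1: "Ethernet", 2: "ARCnet", 3: "StarLAN",
                4: "PC Network broadband", 5: "LocalTalk", 6: "Znet"}
SNIFFER_MAGIC = b"TRSNIFF data    \x1a"   # "TRSNIFF\ data\ \ \ \ \032" in the magic file
PCAP_MAGIC = 0xA1B2C3D4


def identify_capture(data: bytes) -> str:
    """Return the file(1)-style description the rules above would print, or 'data'."""
    if data[:4] == b"RTSS" and len(data) >= 6:
        return "NetMon capture file - version %d.%d" % (data[4], data[5])
    if data[:17] == SNIFFER_MAGIC and len(data) >= 34:
        major, minor = struct.unpack_from("<hh", data, 23)
        desc = "Sniffer capture file - version %d.%d (Format %d," % (major, minor, data[33])
        # An unlisted network type leaves the parenthesis open, exactly as the magic file does.
        return desc + (" %s)" % SNIFFER_NETS[data[32]] if data[32] in SNIFFER_NETS else "")
    # pcap: the byte order of the 24-byte global header is revealed by how the magic is stored.
    for endian, name in ((">", "big-endian"), ("<", "little-endian")):
        if len(data) >= 24 and struct.unpack_from(endian + "I", data)[0] == PCAP_MAGIC:
            major, minor = struct.unpack_from(endian + "HH", data, 4)
            snaplen, linktype = struct.unpack_from(endian + "II", data, 16)  # offsets 16, 20
            link = PCAP_LINKTYPES.get(linktype, "link-layer type %d" % linktype)
            return "tcpdump capture file (%s) - version %d.%d (%s, capture length %d)" % (
                name, major, minor, link, snaplen)
    return "data"


def sample_pcap(endian: str = "<", linktype: int = 1, snaplen: int = 65535) -> bytes:
    """Constructed pcap 2.4 global header: magic, major, minor, thiszone, sigfigs, snaplen, linktype."""
    return struct.pack(endian + "IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype)


def sample_sniffer(net: int = 1, fmt: int = 5) -> bytes:
    """Constructed Sniffer header: magic, version 4.0 at offset 23, net type at 32, format at 33."""
    buf = bytearray(40)
    buf[:17] = SNIFFER_MAGIC
    struct.pack_into("<hh", buf, 23, 4, 0)
    buf[32], buf[33] = net, fmt
    return bytes(buf)


if __name__ == "__main__":
    for blob in (b"RTSS\x01\x01", sample_sniffer(), sample_pcap(">"), sample_pcap("<", 11), b"\0" * 24):
        print(identify_capture(blob))
```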