git Service のサービス IN-Ulm e.V. エクスプローラ ヘルプ
サインイン
cbiedl
/
file
1
0
フォーク 0
ファイル プルリクエスト 0 Wiki
ツリー: 4d593e3827
ブランチ タグ
file
/
Magdir
/
sniffer

sniffer 2.1 KB
履歴 Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879 
  1. 

  2. #------------------------------------------------------------------------------
    3. 

  3. # sniffer:  file(1) magic for packet captured files
    4. 

  4. #
    5. 

  5. # From: guy@netapp.com (Guy Harris)
    6. 

  6. #
    7. 

  7. # Microsoft NetMon (packet capture/display program) capture files.
    8. 

  8. #
    9. 

  9. 0	string		RTSS		NetMon capture file
    10. 

  10. >4	byte		x		- version %d
    11. 

  11. >5	byte		x		\b.%d
    12. 

  12. >6	leshort		0		(Unknown)
    13. 

  13. >6	leshort		1		(Ethernet)
    14. 

  14. >6	leshort		2		(Token Ring)
    15. 

  15. >6	leshort		3		(FDDI)
    16. 

  16. 

  17. #
    18. 

  18. # Network General Sniffer capture files.
    19. 

  19. #
    20. 

  20. 0	string		TRSNIFF\ data\ \ \ \ \032	Sniffer capture file
    21. 

  21. >23	leshort		x		- version %d
    22. 

  22. >25	leshort		x		\b.%d
    23. 

  23. >33	byte		x		(Format %d,
    24. 

  24. >32	byte		0		Token ring)
    25. 

  25. >32	byte		1		Ethernet)
    26. 

  26. >32	byte		2		ARCNET)
    27. 

  27. >32	byte		3		StarLAN)
    28. 

  28. >32	byte		4		PC Network broadband)
    29. 

  29. >32	byte		5		LocalTalk)
    30. 

  30. >32	byte		6		Znet)
    31. 

  31. #
    32. 

  32. # Cinco Networks NetXRay capture files.
    33. 

  33. #
    34. 

  34. 0	string		XCP\0		NetXRay capture file
    35. 

  35. >4	string		>\0		- version %s
    36. 

  36. #
    37. 

  37. # "libpcap" capture files.
    38. 

  38. # (We call them "tcpdump capture file(s)" for now, as "tcpdump" is
    39. 

  39. # the main program that uses that format, but there's also "tcpview",
    40. 

  40. # and there may be others in the future.)
    41. 

  41. #
    42. 

  42. 0	ubelong		0xa1b2c3d4	tcpdump capture file (big-endian)
    43. 

  43. >4	beshort		x		- version %d
    44. 

  44. >6	beshort		x		\b.%d
    45. 

  45. >20	belong		0		(No link-layer encapsulation
    46. 

  46. >20	belong		1		(Ethernet
    47. 

  47. >20	belong		2		(3Mb Ethernet
    48. 

  48. >20	belong		3		(AX.25
    49. 

  49. >20	belong		4		(ProNET
    50. 

  50. >20	belong		5		(CHAOS
    51. 

  51. >20	belong		6		(IEEE 802.x network
    52. 

  52. >20	belong		7		(ARCNET
    53. 

  53. >20	belong		8		(SLIP
    54. 

  54. >20	belong		9		(PPP
    55. 

  55. >20	belong		10		(FDDI
    56. 

  56. >20	belong		11		(RFC 1483 ATM
    57. 

  57. >20	belong		12		(raw IP
    58. 

  58. >20	belong		13		(BSD/OS SLIP
    59. 

  59. >20	belong		14		(BSD/OS PPP
    60. 

  60. >16	belong		x		\b, capture length %d)
    61. 

  61. 0	ulelong		0xa1b2c3d4	tcpdump capture file (little-endian)
    62. 

  62. >4	leshort		x		- version %d
    63. 

  63. >6	leshort		x		\b.%d
    64. 

  64. >20	lelong		0		(No link-layer encapsulation
    65. 

  65. >20	lelong		1		(Ethernet
    66. 

  66. >20	lelong		2		(3Mb Ethernet
    67. 

  67. >20	lelong		3		(AX.25
    68. 

  68. >20	lelong		4		(ProNET
    69. 

  69. >20	lelong		5		(CHAOS
    70. 

  70. >20	lelong		6		(IEEE 802.x network
    71. 

  71. >20	lelong		7		(ARCNET
    72. 

  72. >20	lelong		8		(SLIP
    73. 

  73. >20	lelong		9		(PPP
    74. 

  74. >20	lelong		10		(FDDI
    75. 

  75. >20	lelong		11		(RFC 1483 ATM
    76. 

  76. >20	lelong		12		(raw IP
    77. 

  77. >20	lelong		13		(BSD/OS SLIP
    78. 

  78. >20	lelong		14		(BSD/OS PPP
    79. 

  79. >16	lelong		x		\b, capture length %d)
    80.