head 1.8; access; symbols perseant-exfatfs-base-20250801:1.8 perseant-exfatfs-base-20240630:1.8 perseant-exfatfs:1.8.0.46 perseant-exfatfs-base:1.8 cjep_sun2x:1.8.0.44 cjep_sun2x-base:1.8 cjep_staticlib_x-base1:1.8 cjep_staticlib_x:1.8.0.42 cjep_staticlib_x-base:1.8 phil-wifi-20200421:1.8 phil-wifi-20200411:1.8 phil-wifi-20200406:1.8 pgoyette-compat-merge-20190127:1.8 pgoyette-compat-20190127:1.8 pgoyette-compat-20190118:1.8 pgoyette-compat-1226:1.8 pgoyette-compat-1126:1.8 pgoyette-compat-1020:1.8 pgoyette-compat-0930:1.8 pgoyette-compat-0906:1.8 pgoyette-compat-0728:1.8 pgoyette-compat-0625:1.8 pgoyette-compat-0521:1.8 pgoyette-compat-0502:1.8 pgoyette-compat-0422:1.8 pgoyette-compat-0415:1.8 pgoyette-compat-0407:1.8 pgoyette-compat-0330:1.8 pgoyette-compat-0322:1.8 pgoyette-compat-0315:1.8 pgoyette-compat:1.8.0.40 pgoyette-compat-base:1.8 perseant-stdc-iso10646:1.8.0.38 perseant-stdc-iso10646-base:1.8 prg-localcount2-base3:1.8 prg-localcount2-base2:1.8 prg-localcount2-base1:1.8 prg-localcount2:1.8.0.36 prg-localcount2-base:1.8 pgoyette-localcount-20170426:1.8 bouyer-socketcan-base1:1.8 pgoyette-localcount-20170320:1.8 bouyer-socketcan:1.8.0.34 bouyer-socketcan-base:1.8 pgoyette-localcount-20170107:1.8 pgoyette-localcount-20161104:1.8 localcount-20160914:1.8 pgoyette-localcount-20160806:1.8 pgoyette-localcount-20160726:1.8 pgoyette-localcount:1.8.0.32 pgoyette-localcount-base:1.8 netbsd-5-2-3-RELEASE:1.8 netbsd-5-1-5-RELEASE:1.8 yamt-pagecache-base9:1.8 yamt-pagecache-tag8:1.8 tls-earlyentropy:1.8.0.28 tls-earlyentropy-base:1.8 riastradh-xf86-video-intel-2-7-1-pre-2-21-15:1.8 riastradh-drm2-base3:1.8 netbsd-5-2-2-RELEASE:1.8 netbsd-5-1-4-RELEASE:1.8 netbsd-5-2-1-RELEASE:1.8 netbsd-5-1-3-RELEASE:1.8 agc-symver:1.8.0.30 agc-symver-base:1.8 tls-maxphys-base:1.8 yamt-pagecache-base8:1.8 netbsd-5-2:1.8.0.26 yamt-pagecache-base7:1.8 netbsd-5-2-RELEASE:1.8 netbsd-5-2-RC1:1.8 yamt-pagecache-base6:1.8 yamt-pagecache-base5:1.8 yamt-pagecache-base4:1.8 netbsd-5-1-2-RELEASE:1.8 netbsd-5-1-1-RELEASE:1.8 yamt-pagecache-base3:1.8 yamt-pagecache-base2:1.8 yamt-pagecache:1.8.0.24 yamt-pagecache-base:1.8 bouyer-quota2-nbase:1.8 bouyer-quota2:1.8.0.22 bouyer-quota2-base:1.8 matt-nb5-pq3:1.8.0.20 matt-nb5-pq3-base:1.8 netbsd-5-1:1.8.0.18 netbsd-5-1-RELEASE:1.8 netbsd-5-1-RC4:1.8 netbsd-5-1-RC3:1.8 netbsd-5-1-RC2:1.8 netbsd-5-1-RC1:1.8 netbsd-5-0-2-RELEASE:1.8 netbsd-5-0-1-RELEASE:1.8 jym-xensuspend-nbase:1.8 netbsd-5-0:1.8.0.16 netbsd-5-0-RELEASE:1.8 netbsd-5-0-RC4:1.8 netbsd-5-0-RC3:1.8 netbsd-5-0-RC2:1.8 jym-xensuspend:1.8.0.14 jym-xensuspend-base:1.8 netbsd-5-0-RC1:1.8 netbsd-5:1.8.0.12 netbsd-5-base:1.8 mjf-devfs2:1.8.0.10 mjf-devfs2-base:1.8 yamt-pf42-base4:1.8 yamt-pf42-base3:1.8 hpcarm-cleanup-nbase:1.8 yamt-pf42-base2:1.8 yamt-pf42:1.8.0.8 yamt-pf42-base:1.8 keiichi-mipv6-nbase:1.8 keiichi-mipv6:1.8.0.6 keiichi-mipv6-base:1.8 cube-autoconf:1.8.0.4 cube-autoconf-base:1.8 hpcarm-cleanup:1.8.0.2 hpcarm-cleanup-base:1.8 netbsd-1-6-PATCH002-RELEASE:1.7 netbsd-1-6-PATCH002:1.7 netbsd-1-6-PATCH002-RC4:1.7 netbsd-1-6-PATCH002-RC3:1.7 netbsd-1-6-PATCH002-RC2:1.7 netbsd-1-6-PATCH002-RC1:1.7 netbsd-1-6-PATCH001:1.7 netbsd-1-6-PATCH001-RELEASE:1.7 netbsd-1-6-PATCH001-RC3:1.7 netbsd-1-6-PATCH001-RC2:1.7 netbsd-1-6-PATCH001-RC1:1.7 fvdl_fs64_base:1.7 netbsd-1-6-RELEASE:1.7 netbsd-1-6-RC3:1.7 netbsd-1-6-RC2:1.7 netbsd-1-6-RC1:1.7 FILE3_39:1.1.1.6 netbsd-1-6:1.7.0.2 netbsd-1-6-base:1.7 FILE3_38:1.1.1.6 netbsd-1-5-PATCH003:1.4.4.1 FILE3_37:1.1.1.6 netbsd-1-5-PATCH002:1.4.4.1 FILE3_36:1.1.1.5 netbsd-1-5-PATCH001:1.4.4.1 FILE3_34:1.1.1.4 FILE3_33:1.1.1.4 netbsd-1-5-RELEASE:1.4.4.1 netbsd-1-5-BETA2:1.4.4.1 netbsd-1-5-BETA:1.4.4.1 FILE3_32:1.1.1.4 netbsd-1-4-PATCH003:1.2 netbsd-1-5-ALPHA2:1.4 netbsd-1-5:1.4.0.4 netbsd-1-5-base:1.4 minoura-xpg4dl-base:1.4 minoura-xpg4dl:1.4.0.2 FILE3_31:1.1.1.3 netbsd-1-4-PATCH002:1.2 wrstuden-devbsize-19991221:1.3 wrstuden-devbsize:1.2.0.4 wrstuden-devbsize-base:1.3 comdex-fall-1999:1.3.0.2 comdex-fall-1999-base:1.3 FILE3_28:1.1.1.2 netbsd-1-4-PATCH001:1.2 netbsd-1-4-RELEASE:1.2 netbsd-1-4:1.2.0.2 netbsd-1-4-base:1.2 netbsd-1-3-PATCH003:1.1 netbsd-1-3-PATCH003-CANDIDATE2:1.1 netbsd-1-3-PATCH003-CANDIDATE1:1.1 netbsd-1-3-PATCH003-CANDIDATE0:1.1 FILE3_26:1.1.1.1 CHRISTOS:1.1.1 FILE:1.1.1 netbsd-1-3-PATCH002:1.1 netbsd-1-3-PATCH001:1.1 netbsd-1-3-RELEASE:1.1 netbsd-1-3-BETA:1.1 netbsd-1-3:1.1.0.2 netbsd-1-3-base:1.1; locks; strict; comment @# @; 1.8 date 2003.03.26.00.05.51; author pooka; state dead; branches; next 1.7; 1.7 date 2001.09.09.10.46.37; author pooka; state Exp; branches; next 1.6; 1.6 date 2001.07.22.22.53.06; author pooka; state Exp; branches; next 1.5; 1.5 date 2000.09.22.16.35.01; author pooka; state Exp; branches; next 1.4; 1.4 date 2000.05.14.22.53.39; author christos; state Exp; branches 1.4.4.1; next 1.3; 1.3 date 99.11.01.17.39.28; author christos; state Exp; branches; next 1.2; 1.2 date 98.09.20.15.27.19; author christos; state Exp; branches 1.2.4.1; next 1.1; 1.1 date 97.01.27.17.58.29; author christos; state Exp; branches 1.1.1.1; next ; 1.4.4.1 date 2000.09.30.06.20.49; author simonb; state Exp; branches; next ; 1.2.4.1 date 99.12.27.18.36.54; author wrstuden; state Exp; branches; next ; 1.1.1.1 date 98.09.19.18.07.49; author christos; state Exp; branches; next 1.1.1.2; 1.1.1.2 date 99.11.01.17.30.20; author christos; state Exp; branches; next 1.1.1.3; 1.1.1.3 date 2000.05.14.22.44.23; author christos; state Exp; branches; next 1.1.1.4; 1.1.1.4 date 2000.09.22.16.01.07; author pooka; state Exp; branches; next 1.1.1.5; 1.1.1.5 date 2001.07.22.22.31.56; author pooka; state Exp; branches; next 1.1.1.6; 1.1.1.6 date 2001.09.09.10.38.55; author pooka; state Exp; branches; next ; desc @@ 1.8 log @use file from dist @ text @ #------------------------------------------------------------------------------ # sniffer: file(1) magic for packet capture files # # From: guy@@alum.mit.edu (Guy Harris) # # # Microsoft Network Monitor 1.x capture files. # 0 string RTSS NetMon capture file >4 byte x - version %d >5 byte x \b.%d >6 leshort 0 (Unknown) >6 leshort 1 (Ethernet) >6 leshort 2 (Token Ring) >6 leshort 3 (FDDI) # # Microsoft Network Monitor 2.x capture files. # 0 string GMBU NetMon capture file >4 byte x - version %d >5 byte x \b.%d >6 leshort 0 (Unknown) >6 leshort 1 (Ethernet) >6 leshort 2 (Token Ring) >6 leshort 3 (FDDI) # # Network General Sniffer capture files. # Sorry, make that "Network Associates Sniffer capture files." # 0 string TRSNIFF\ data\ \ \ \ \032 Sniffer capture file >33 byte 2 (compressed) >23 leshort x - version %d >25 leshort x \b.%d >32 byte 0 (Token Ring) >32 byte 1 (Ethernet) >32 byte 2 (ARCNET) >32 byte 3 (StarLAN) >32 byte 4 (PC Network broadband) >32 byte 5 (LocalTalk) >32 byte 6 (Znet) >32 byte 7 (Internetwork Analyzer) >32 byte 9 (FDDI) >32 byte 10 (ATM) # # Cinco Networks NetXRay capture files. # Sorry, make that "Network General Sniffer Basic capture files." # Sorry, make that "Network Associates Sniffer Basic capture files." # Sorry, make that "Network Associates Sniffer Basic, and Windows # Sniffer Pro", capture files." # 0 string XCP\0 NetXRay capture file >4 string >\0 - version %s >44 leshort 0 (Ethernet) >44 leshort 1 (Token Ring) >44 leshort 2 (FDDI) # # "libpcap" capture files. # (We call them "tcpdump capture file(s)" for now, as "tcpdump" is # the main program that uses that format, but there are other programs # that use "libpcap", or that use the same capture file format.) # 0 ubelong 0xa1b2c3d4 tcpdump capture file (big-endian) >4 beshort x - version %d >6 beshort x \b.%d >20 belong 0 (No link-layer encapsulation >20 belong 1 (Ethernet >20 belong 2 (3Mb Ethernet >20 belong 3 (AX.25 >20 belong 4 (ProNET >20 belong 5 (CHAOS >20 belong 6 (Token Ring >20 belong 7 (ARCNET >20 belong 8 (SLIP >20 belong 9 (PPP >20 belong 10 (FDDI >20 belong 11 (RFC 1483 ATM >20 belong 12 (raw IP >20 belong 13 (BSD/OS SLIP >20 belong 14 (BSD/OS PPP >20 belong 50 (PPP or Cisco HDLC >20 belong 51 (PPP-over-Ethernet >20 belong 100 (RFC 1483 ATM >20 belong 101 (raw IP >20 belong 102 (BSD/OS SLIP >20 belong 103 (BSD/OS PPP >20 belong 104 (BSD/OS Cisco HDLC >20 belong 105 (802.11 >20 belong 106 (Linux Classical IP over ATM >20 belong 108 (OpenBSD loopback >20 belong 109 (OpenBSD IPSEC encrypted >20 belong 113 (Linux "cooked" >20 belong 114 (LocalTalk >16 belong x \b, capture length %d) 0 ulelong 0xa1b2c3d4 tcpdump capture file (little-endian) >4 leshort x - version %d >6 leshort x \b.%d >20 lelong 0 (No link-layer encapsulation >20 lelong 1 (Ethernet >20 lelong 2 (3Mb Ethernet >20 lelong 3 (AX.25 >20 lelong 4 (ProNET >20 lelong 5 (CHAOS >20 lelong 6 (Token Ring >20 lelong 7 (ARCNET >20 lelong 8 (SLIP >20 lelong 9 (PPP >20 lelong 10 (FDDI >20 lelong 11 (RFC 1483 ATM >20 lelong 12 (raw IP >20 lelong 13 (BSD/OS SLIP >20 lelong 14 (BSD/OS PPP >20 lelong 50 (PPP or Cisco HDLC >20 lelong 51 (PPP-over-Ethernet >20 lelong 100 (RFC 1483 ATM >20 lelong 101 (raw IP >20 lelong 102 (BSD/OS SLIP >20 lelong 103 (BSD/OS PPP >20 lelong 104 (BSD/OS Cisco HDLC >20 lelong 105 (802.11 >20 lelong 106 (Linux Classical IP over ATM >20 lelong 108 (OpenBSD loopback >20 lelong 109 (OpenBSD IPSEC encrypted >20 lelong 113 (Linux "cooked" >20 lelong 114 (LocalTalk >16 lelong x \b, capture length %d) # # "libpcap"-with-Alexey-Kuznetsov's-patches capture files. # (We call them "tcpdump capture file(s)" for now, as "tcpdump" is # the main program that uses that format, but there are other programs # that use "libpcap", or that use the same capture file format.) # 0 ubelong 0xa1b2cd34 extended tcpdump capture file (big-endian) >4 beshort x - version %d >6 beshort x \b.%d >20 belong 0 (No link-layer encapsulation >20 belong 1 (Ethernet >20 belong 2 (3Mb Ethernet >20 belong 3 (AX.25 >20 belong 4 (ProNET >20 belong 5 (CHAOS >20 belong 6 (Token Ring >20 belong 7 (ARCNET >20 belong 8 (SLIP >20 belong 9 (PPP >20 belong 10 (FDDI >20 belong 11 (RFC 1483 ATM >20 belong 12 (raw IP >20 belong 13 (BSD/OS SLIP >20 belong 14 (BSD/OS PPP >16 belong x \b, capture length %d) 0 ulelong 0xa1b2cd34 extended tcpdump capture file (little-endian) >4 leshort x - version %d >6 leshort x \b.%d >20 lelong 0 (No link-layer encapsulation >20 lelong 1 (Ethernet >20 lelong 2 (3Mb Ethernet >20 lelong 3 (AX.25 >20 lelong 4 (ProNET >20 lelong 5 (CHAOS >20 lelong 6 (Token Ring >20 lelong 7 (ARCNET >20 lelong 8 (SLIP >20 lelong 9 (PPP >20 lelong 10 (FDDI >20 lelong 11 (RFC 1483 ATM >20 lelong 12 (raw IP >20 lelong 13 (BSD/OS SLIP >20 lelong 14 (BSD/OS PPP >16 lelong x \b, capture length %d) # # AIX "iptrace" capture files. # 0 string iptrace\ 2.0 "iptrace" capture file # # Novell LANalyzer capture files. # 0 leshort 0x1001 LANalyzer capture file 0 leshort 0x1007 LANalyzer capture file # # HP-UX "nettl" capture files. # 0 string \x54\x52\x00\x64\x00 "nettl" capture file # # RADCOM WAN/LAN Analyzer capture files. # 0 string \x42\xd2\x00\x34\x12\x66\x22\x88 RADCOM WAN/LAN Analyzer capture file # # NetStumbler log files. Not really packets, per se, but about as # close as you can get. These are log files from NetStumbler, a # Windows program, that scans for 802.11b networks. # 0 string NetS NetStumbler log file >8 lelong x \b, %d stations found @ 1.7 log @resolve conflicts @ text @@ 1.6 log @resolve conflicts @ text @d87 1 d93 2 a94 1 >20 belong 105 (Linux Classical IP over ATM d98 1 d119 1 d125 2 a126 1 >20 lelong 105 (Linux Classical IP over ATM d130 1 d198 8 @ 1.5 log @resolve conflicts @ text @d77 1 a77 1 >20 belong 6 (IEEE 802.x network d86 10 d106 1 a106 1 >20 lelong 6 (IEEE 802.x network d115 10 d142 1 a142 1 >20 belong 6 (IEEE 802.x network d161 1 a161 1 >20 lelong 6 (IEEE 802.x network @ 1.4 log @Resolve conflicts @ text @d108 45 @ 1.4.4.1 log @Pull up file 3.32 (requested by christos, approved by thorpej). @ text @a107 45 # "libpcap"-with-Alexey-Kuznetsov's-patches capture files. # (We call them "tcpdump capture file(s)" for now, as "tcpdump" is # the main program that uses that format, but there are other programs # that use "libpcap", or that use the same capture file format.) # 0 ubelong 0xa1b2cd34 extended tcpdump capture file (big-endian) >4 beshort x - version %d >6 beshort x \b.%d >20 belong 0 (No link-layer encapsulation >20 belong 1 (Ethernet >20 belong 2 (3Mb Ethernet >20 belong 3 (AX.25 >20 belong 4 (ProNET >20 belong 5 (CHAOS >20 belong 6 (IEEE 802.x network >20 belong 7 (ARCNET >20 belong 8 (SLIP >20 belong 9 (PPP >20 belong 10 (FDDI >20 belong 11 (RFC 1483 ATM >20 belong 12 (raw IP >20 belong 13 (BSD/OS SLIP >20 belong 14 (BSD/OS PPP >16 belong x \b, capture length %d) 0 ulelong 0xa1b2cd34 extended tcpdump capture file (little-endian) >4 leshort x - version %d >6 leshort x \b.%d >20 lelong 0 (No link-layer encapsulation >20 lelong 1 (Ethernet >20 lelong 2 (3Mb Ethernet >20 lelong 3 (AX.25 >20 lelong 4 (ProNET >20 lelong 5 (CHAOS >20 lelong 6 (IEEE 802.x network >20 lelong 7 (ARCNET >20 lelong 8 (SLIP >20 lelong 9 (PPP >20 lelong 10 (FDDI >20 lelong 11 (RFC 1483 ATM >20 lelong 12 (raw IP >20 lelong 13 (BSD/OS SLIP >20 lelong 14 (BSD/OS PPP >16 lelong x \b, capture length %d) # @ 1.3 log @Resolve corn flakes. @ text @d5 1 a5 1 # From: guy@@netapp.com (Guy Harris) d7 3 a9 1 # Microsoft Network Monitor capture files. d20 11 d48 1 d53 2 d58 4 d106 21 @ 1.2 log @resolve corn flakes. @ text @d3 1 a3 1 # sniffer: file(1) magic for packet captured files d7 1 a7 1 # Microsoft NetMon (packet capture/display program) capture files. d19 1 d22 1 d25 10 a34 8 >33 byte x (Format %d, >32 byte 0 Token ring) >32 byte 1 Ethernet) >32 byte 2 ARCNET) >32 byte 3 StarLAN) >32 byte 4 PC Network broadband) >32 byte 5 LocalTalk) >32 byte 6 Znet) d37 2 d45 2 a46 2 # the main program that uses that format, but there's also "tcpview", # and there may be others in the future.) @ 1.2.4.1 log @Pull up to last week's -current. @ text @d3 1 a3 1 # sniffer: file(1) magic for packet capture files d7 1 a7 1 # Microsoft Network Monitor capture files. a18 1 # Sorry, make that "Network Associates Sniffer capture files." a20 1 >33 byte 2 (compressed) d23 8 a30 10 >32 byte 0 (Token Ring) >32 byte 1 (Ethernet) >32 byte 2 (ARCNET) >32 byte 3 (StarLAN) >32 byte 4 (PC Network broadband) >32 byte 5 (LocalTalk) >32 byte 6 (Znet) >32 byte 7 (Internetwork Analyzer) >32 byte 9 (FDDI) >32 byte 10 (ATM) a32 2 # Sorry, make that "Network General Sniffer Basic capture files." # Sorry, make that "Network Associates Sniffer Basic capture files." d39 2 a40 2 # the main program that uses that format, but there are other programs # that use "libpcap", or that use the same capture file format.) @ 1.1 log @bring in changes from file-3.22 @ text @d12 5 d26 1 a26 1 >32 byte 2 ARCnet) d32 5 d49 2 a50 2 >20 belong 4 (ProNet >20 belong 5 (Chaos d52 1 a52 1 >20 belong 7 (ARCnet d57 3 d68 2 a69 2 >20 lelong 4 (ProNet >20 lelong 5 (Chaos d71 1 a71 1 >20 lelong 7 (ARCnet d76 3 @ 1.1.1.1 log @file-3.26 @ text @a11 5 >6 leshort 0 (Unknown) >6 leshort 1 (Ethernet) >6 leshort 2 (Token Ring) >6 leshort 3 (FDDI) d21 1 a21 1 >32 byte 2 ARCNET) a26 5 # Cinco Networks NetXRay capture files. # 0 string XCP\0 NetXRay capture file >4 string >\0 - version %s # d39 2 a40 2 >20 belong 4 (ProNET >20 belong 5 (CHAOS d42 1 a42 1 >20 belong 7 (ARCNET a46 3 >20 belong 12 (raw IP >20 belong 13 (BSD/OS SLIP >20 belong 14 (BSD/OS PPP d55 2 a56 2 >20 lelong 4 (ProNET >20 lelong 5 (CHAOS d58 1 a58 1 >20 lelong 7 (ARCNET a62 3 >20 lelong 12 (raw IP >20 lelong 13 (BSD/OS SLIP >20 lelong 14 (BSD/OS PPP @ 1.1.1.2 log @new version of file(1) @ text @d3 1 a3 1 # sniffer: file(1) magic for packet capture files d7 1 a7 1 # Microsoft Network Monitor capture files. a18 1 # Sorry, make that "Network Associates Sniffer capture files." a20 1 >33 byte 2 (compressed) d23 8 a30 10 >32 byte 0 (Token Ring) >32 byte 1 (Ethernet) >32 byte 2 (ARCNET) >32 byte 3 (StarLAN) >32 byte 4 (PC Network broadband) >32 byte 5 (LocalTalk) >32 byte 6 (Znet) >32 byte 7 (Internetwork Analyzer) >32 byte 9 (FDDI) >32 byte 10 (ATM) a32 2 # Sorry, make that "Network General Sniffer Basic capture files." # Sorry, make that "Network Associates Sniffer Basic capture files." d39 2 a40 2 # the main program that uses that format, but there are other programs # that use "libpcap", or that use the same capture file format.) @ 1.1.1.3 log @new file 3.31 @ text @d5 1 a5 1 # From: guy@@alum.mit.edu (Guy Harris) d7 1 a7 3 # # Microsoft Network Monitor 1.x capture files. a17 11 # Microsoft Network Monitor 2.x capture files. # 0 string GMBU NetMon capture file >4 byte x - version %d >5 byte x \b.%d >6 leshort 0 (Unknown) >6 leshort 1 (Ethernet) >6 leshort 2 (Token Ring) >6 leshort 3 (FDDI) # a34 1 a38 2 # Sorry, make that "Network Associates Sniffer Basic, and Windows # Sniffer Pro", capture files." a41 4 >44 leshort 0 (Ethernet) >44 leshort 1 (Token Ring) >44 leshort 2 (FDDI) a85 21 # # AIX "iptrace" capture files. # 0 string iptrace\ 2.0 "iptrace" capture file # # Novell LANalyzer capture files. # 0 leshort 0x1001 LANalyzer capture file 0 leshort 0x1007 LANalyzer capture file # # HP-UX "nettl" capture files. # 0 string \x54\x52\x00\x64\x00 "nettl" capture file # # RADCOM WAN/LAN Analyzer capture files. # 0 string \x42\xd2\x00\x34\x12\x66\x22\x88 RADCOM WAN/LAN Analyzer capture file @ 1.1.1.4 log @file 3.32 @ text @a107 45 # "libpcap"-with-Alexey-Kuznetsov's-patches capture files. # (We call them "tcpdump capture file(s)" for now, as "tcpdump" is # the main program that uses that format, but there are other programs # that use "libpcap", or that use the same capture file format.) # 0 ubelong 0xa1b2cd34 extended tcpdump capture file (big-endian) >4 beshort x - version %d >6 beshort x \b.%d >20 belong 0 (No link-layer encapsulation >20 belong 1 (Ethernet >20 belong 2 (3Mb Ethernet >20 belong 3 (AX.25 >20 belong 4 (ProNET >20 belong 5 (CHAOS >20 belong 6 (IEEE 802.x network >20 belong 7 (ARCNET >20 belong 8 (SLIP >20 belong 9 (PPP >20 belong 10 (FDDI >20 belong 11 (RFC 1483 ATM >20 belong 12 (raw IP >20 belong 13 (BSD/OS SLIP >20 belong 14 (BSD/OS PPP >16 belong x \b, capture length %d) 0 ulelong 0xa1b2cd34 extended tcpdump capture file (little-endian) >4 leshort x - version %d >6 leshort x \b.%d >20 lelong 0 (No link-layer encapsulation >20 lelong 1 (Ethernet >20 lelong 2 (3Mb Ethernet >20 lelong 3 (AX.25 >20 lelong 4 (ProNET >20 lelong 5 (CHAOS >20 lelong 6 (IEEE 802.x network >20 lelong 7 (ARCNET >20 lelong 8 (SLIP >20 lelong 9 (PPP >20 lelong 10 (FDDI >20 lelong 11 (RFC 1483 ATM >20 lelong 12 (raw IP >20 lelong 13 (BSD/OS SLIP >20 lelong 14 (BSD/OS PPP >16 lelong x \b, capture length %d) # @ 1.1.1.5 log @file 3.36 @ text @d77 1 a77 1 >20 belong 6 (Token Ring a85 10 >20 belong 50 (PPP or Cisco HDLC >20 belong 100 (RFC 1483 ATM >20 belong 101 (raw IP >20 belong 102 (BSD/OS SLIP >20 belong 103 (BSD/OS PPP >20 belong 104 (BSD/OS Cisco HDLC >20 belong 105 (Linux Classical IP over ATM >20 belong 108 (OpenBSD loopback >20 belong 109 (OpenBSD IPSEC encrypted >20 belong 113 (Linux "cooked" d96 1 a96 1 >20 lelong 6 (Token Ring a104 10 >20 lelong 50 (PPP or Cisco HDLC >20 lelong 100 (RFC 1483 ATM >20 lelong 101 (raw IP >20 lelong 102 (BSD/OS SLIP >20 lelong 103 (BSD/OS PPP >20 lelong 104 (BSD/OS Cisco HDLC >20 lelong 105 (Linux Classical IP over ATM >20 lelong 108 (OpenBSD loopback >20 lelong 109 (OpenBSD IPSEC encrypted >20 lelong 113 (Linux "cooked" d122 1 a122 1 >20 belong 6 (Token Ring d141 1 a141 1 >20 lelong 6 (Token Ring @ 1.1.1.6 log @file 3.37 @ text @a86 1 >20 belong 51 (PPP-over-Ethernet d92 1 a92 2 >20 belong 105 (802.11 >20 belong 106 (Linux Classical IP over ATM a95 1 >20 belong 114 (LocalTalk a115 1 >20 lelong 51 (PPP-over-Ethernet d121 1 a121 2 >20 lelong 105 (802.11 >20 lelong 106 (Linux Classical IP over ATM a124 1 >20 lelong 114 (LocalTalk a191 8 # # NetStumbler log files. Not really packets, per se, but about as # close as you can get. These are log files from NetStumbler, a # Windows program, that scans for 802.11b networks. # 0 string NetS NetStumbler log file >8 lelong x \b, %d stations found @