Wireshark
the world's foremost network protocol analyzer
Wireshark-users: Re: [Wireshark-users] 答复:答复: how can i op en the package of iris saved
From: Bill Meier <wmeier@xxxxxxxxxxx>
Date: Fri, 1 Feb 2008 15:07:43 +0000 (UTC)
A quick look shows the basic format of this iris.cap
file to be:
<File header>
<1 byte version string length>
<version string>
<Record>
<12 byte record header>
<2 byte frame length (little-endian)>
<10 bytes ??>
<frame>
<Record>
...
>From the iris.cap file
08 49 72 69 73 20 76 2e 31 .Iris v.1B
42 00 00 00 1c 0d 99 59 9c 64 c8 01
... (0x42 byte frame #1)
42 00 00 00 1c 0d 99 59 9c 64 c8 01
...
36 00 00 00 1c 0d 99 59 9c 64 c8 01
...
13 01 00 00 1c 0d 99 59 9c 64 c8 01
...
36 00 00 00 1c 0d 99 59 9c 64 c8 01
... (0x36 byte frame #5: 'pad' bytes not stored)
Interestingly, the 10 bytes after the length
in each record header are the same.
I would have expected them to show some sign of an increasing
frame time.
- Follow-Ups:
- Re: [Wireshark-users] 答复:答复: how can i open t he package of iris saved
- From: medved medved
- Re: [Wireshark-users] 答复:答复: how can i open t he package of iris saved
- References:
- [Wireshark-users] 答复: 答复: how can i ope n the package of iris saved
- From: dxf206_163
- [Wireshark-users] 答复: 答复: how can i ope n the package of iris saved
- Prev by Date: [Wireshark-users] 答复: 答复: how can i ope n the package of iris saved
- Next by Date: Re: [Wireshark-users] 答复:答复: how can i open t he package of iris saved
- Previous by thread: [Wireshark-users] 答复: 答复: how can i ope n the package of iris saved
- Next by thread: Re: [Wireshark-users] 答复:答复: how can i open t he package of iris saved
- Index(es):