On Thu, Nov 11, 1999 at 12:31PM, I wrote:
>> On a related note, has anyone ever looked at reverse engineering the
>> compressed Sniffer file format?
On Thu, Nov 11, 1999 at 1:56 PM, Gilbert Ramirez [mailto:gram@xxxxxxxxxx]
wrote:
>It's a nice little mathematical puzzle to figure out; but I do not have
>the free time to spend look at it any more.
On Thu, Nov 11, 1999 at 2:38 PM, Guy Harris [mailto:guy@xxxxxxxxxx] wrote:
>I looked at it a while ago, but all I managed to figure out is that it
>might be a combination of run-length encoding and some "string
>dictionary" compresson scheme such as LZ.
Just as an update:
I have made some progress on this. It turns out it is a ridiculously simple
scheme that can be handled in a single function of less than 100 lines of C.
It's all RLE stuff, the only strangeness is how it is encoded. No LZ
component at all, at least in the captures I've got access to.
Still working out a few details. Once I have code for it working in my
internal C++ capture conversion tool, I'll post something so we can support
it in Ethereal.
=====================================
Tim Farley
Software Engineer
tfarley@xxxxxxx
Internet Security Systems, Inc.
(678) 443-6000 / Direct Dial (678) 443-6189 / fax (678) 443-6479
http://www.iss.net
Adaptive Network Security for the Enterprise
=====================================
