Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-dev: [Wireshark-dev] Question about two File: libpcap(tcpdump, Ethereal, etc.) , Redh

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Mosly Chang" <moslychang@xxxxxxxxx>
Date: Wed, 15 Nov 2006 15:46:02 +0800
Hi~all~
I have a question, I try to inspect wireshark generated files in hex.

I compare two kinds of  them.
One's File type is "libpcap(tcpdump, Ethereal,etc.)"
the other is "Redhat Linux 6.1 libpcap(tcpdump)"

Their magic numbers are the same 0xd4c3b2a1,
so  when I parse the two files, I can not determine which is libpcap or Redhat Linux6.1 libpcap.
I know libpcap's packet header are 16 bytes, Redhat Linux 6.1 libpcap are 24 bytes, but beside this information,
there is no other information for me to determine which file is what it is.

Does anyone help me or give some link, information????
Thank You!!





--
=============================
=============================
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube