[Winpcap-users] solaris snoop file

Chintan Bhatt cbhatt at thebeastapps.com
Fri Aug 30 00:18:53 PDT 2013 

Thanks Guy for your reply.

I have wrote my program using winpcap lib.

if((fp = pcap_open_offline(csSourceFile.GetBuffer(), /* name of the
device */ errbuf /* error buffer */ )) == NULL)
{
		fprintf(stderr, "\nUnable to open the file %s.\n", csSourceFile.GetBuffer());
		return 0;
}
 /* Retrieve the packets from the file */long iCounter=1;while((res =
pcap_next_ex(fp, &header, &pkt_data)) >= 0)

.....

and to my surprise it is not giving errors and i can see ip/udp data headers.

and FYI, wireshark can read snoop generated capture file.
(http://wiki.wireshark.org/snoop)


On Fri, Aug 30, 2013 at 12:30 PM, Guy Harris <guy at alum.mit.edu> wrote:

>
> On Aug 29, 2013, at 10:17 PM, Chintan Bhatt <cbhatt at thebeastapps.com>
> wrote:
>
> > I have opened solaris snoop file using winpcap lib.
>
> What program did you use?  (If it's Wireshark, it was *NOT* opened using
> WinPcap!  Wireshark has its *OWN* library for reading capture files, which
> *IS* capable of reading snoop files, as well as pcap files, pcap-ng files,
> and a number of other capture file types.)
>
> > It's opened !!!!!!!!!.
> >
> > I have seen that snoop has different packet capture file format,
> >
> > how winpcap able to read ??
>
> It's *not* able to read it, unless you have some special version of
> WinPcap.  Something else must have happened.  (For example, if you read it
> with Wireshark, something else happened - as indicated above, it was read
> with Wireshark's Wiretap library, *NOT* with WinPcap.)
> _______________________________________________
> Winpcap-users mailing list
> Winpcap-users at winpcap.org
> https://www.winpcap.org/mailman/listinfo/winpcap-users
>

-- 


This message contains confidential information and is intended only for the 
individual named. If you are not the named addressee and have received this 
message you should not disseminate, distribute or copy this email. Please 
notify the sender immediately by e-mail if you have received this e-mail by 
mistake and delete this e-mail from your system. 18 U.S.C. '2510 et. seq., 
makes it a federal offense punishable by a fine and up to 5 years 
incarceration, for the intentional interception, disclosure, dissemination 
or use of any wire, oral or electronic communication, knowing or having 
reason to know that the information was obtained through illegal 
interception.

 

E-mail transmission cannot be guaranteed to be secure or error-free as 
information could be intercepted, corrupted, lost, destroyed, arrive late 
or incomplete, or contain viruses. The sender therefore does not accept 
liability for any errors or omissions in the content of this message which 
arise as a result of e-transmission. If verification is required, please 
request a hard-copy version.

 

TheBeastApps.com reserves the right to monitor and review the content of 
all messages sent to or from this e-mail address, and may store messages 
sent to or from this e-mail address on the TheBeastApps.com  e-mail system 
as part of TheBeastApps.com US Patriot Act Compliance Program.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.winpcap.org/pipermail/winpcap-users/attachments/20130830/0939c3dd/attachment.html>

More information about the Winpcap-users mailing list