[Winpcap-users] solaris snoop file
Chintan Bhatt
cbhatt at thebeastapps.com
Fri Aug 30 01:21:35 PDT 2013
Thanks a lot Guy.
It is D4 C3 B2 A1. So it is pcap file.
On Fri, Aug 30, 2013 at 1:29 PM, Guy Harris <guy at alum.mit.edu> wrote:
>
> On Aug 30, 2013, at 12:18 AM, Chintan Bhatt <cbhatt at thebeastapps.com>
> wrote:
>
> > I have wrote my program using winpcap lib.
> > if((fp = pcap_open_offline(csSourceFile.GetBuffer(), /* name of the
> device */ errbuf /* error buffer */
> > )) == NULL)
> > {
> > fprintf(stderr,
> > "\nUnable to open the file %s.\n"
> > , csSourceFile.GetBuffer());
>
> ...
>
> > and to my surprise it is not giving errors and i can see ip/udp data
> headers.
>
> Are you certain that the file is, in fact, a snoop file? For example, if
> you copy it to a UN*X system that has a version of the "file" command
> capable of recognizing pcap and snoop files (or if you have such a version
> of the "file" command on your Windows system, courtesy of Cygwin), what is
> printed if you run the "file" command on the file?
>
> Or, if you dump out the first four bytes of the file in hex, are they:
>
> a1 b2 c3 d4
>
> or
>
> d4 c3 b2 a1
>
> or
>
> 73 6e 6f 6f
>
> If they're a1 b2 c3 d4 or d4 c3 b2 a1, rather than 73 6e 6f 6f, it's a
> pcap file (which libpcap/WinPcap can read), not a snoop file (which no
> current release of libpcap/WinPcap can handle)?
>
> > and FYI, wireshark can read snoop generated capture file.
>
> Yes, that's what I said in my reply; as a core Wireshark developer (and
> the original author of the code in Wireshark that reads snoop files), I'm
> quite aware of that.
> _______________________________________________
> Winpcap-users mailing list
> Winpcap-users at winpcap.org
> https://www.winpcap.org/mailman/listinfo/winpcap-users
>
--
This message contains confidential information and is intended only for the
individual named. If you are not the named addressee and have received this
message you should not disseminate, distribute or copy this email. Please
notify the sender immediately by e-mail if you have received this e-mail by
mistake and delete this e-mail from your system. 18 U.S.C. '2510 et. seq.,
makes it a federal offense punishable by a fine and up to 5 years
incarceration, for the intentional interception, disclosure, dissemination
or use of any wire, oral or electronic communication, knowing or having
reason to know that the information was obtained through illegal
interception.
E-mail transmission cannot be guaranteed to be secure or error-free as
information could be intercepted, corrupted, lost, destroyed, arrive late
or incomplete, or contain viruses. The sender therefore does not accept
liability for any errors or omissions in the content of this message which
arise as a result of e-transmission. If verification is required, please
request a hard-copy version.
TheBeastApps.com reserves the right to monitor and review the content of
all messages sent to or from this e-mail address, and may store messages
sent to or from this e-mail address on the TheBeastApps.com e-mail system
as part of TheBeastApps.com US Patriot Act Compliance Program.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.winpcap.org/pipermail/winpcap-users/attachments/20130830/82fc75dc/attachment-0001.html>
More information about the Winpcap-users
mailing list