[Winpcap-users] solaris snoop file

Chintan Bhatt cbhatt at thebeastapps.com
Fri Aug 30 01:23:40 PDT 2013


and Guy , 73 6e 6f 6f does it mean snoop file ?? .
I was told that file was snoop file.Thanks again.


On Fri, Aug 30, 2013 at 1:51 PM, Chintan Bhatt <cbhatt at thebeastapps.com>wrote:

> Thanks a lot Guy.
> It is D4 C3 B2 A1. So it is pcap file.
>
>
> On Fri, Aug 30, 2013 at 1:29 PM, Guy Harris <guy at alum.mit.edu> wrote:
>
>>
>> On Aug 30, 2013, at 12:18 AM, Chintan Bhatt <cbhatt at thebeastapps.com>
>> wrote:
>>
>> > I have wrote my program using winpcap lib.
>> > if((fp = pcap_open_offline(csSourceFile.GetBuffer(), /* name of the
>> device */ errbuf /* error buffer */
>> >  )) == NULL)
>> > {
>> >               fprintf(stderr,
>> > "\nUnable to open the file %s.\n"
>> > , csSourceFile.GetBuffer());
>>
>>         ...
>>
>> > and to my surprise it is not giving errors and i can see ip/udp data
>> headers.
>>
>> Are you certain that the file is, in fact, a snoop file?  For example, if
>> you copy it to a UN*X system that has a version of the "file" command
>> capable of recognizing pcap and snoop files (or if you have such a version
>> of the "file" command on your Windows system, courtesy of Cygwin), what is
>> printed if you run the "file" command on the file?
>>
>> Or, if you dump out the first four bytes of the file in hex, are they:
>>
>>         a1 b2 c3 d4
>>
>> or
>>
>>         d4 c3 b2 a1
>>
>> or
>>
>>         73 6e 6f 6f
>>
>> If they're a1 b2 c3 d4 or d4 c3 b2 a1, rather than 73 6e 6f 6f, it's a
>> pcap file (which libpcap/WinPcap can read), not a snoop file (which no
>> current release of libpcap/WinPcap can handle)?
>>
>> > and FYI, wireshark can read snoop generated capture file.
>>
>> Yes, that's what I said in my reply; as a core Wireshark developer (and
>> the original author of the code in Wireshark that reads snoop files), I'm
>> quite aware of that.
>> _______________________________________________
>> Winpcap-users mailing list
>> Winpcap-users at winpcap.org
>> https://www.winpcap.org/mailman/listinfo/winpcap-users
>>
>
>

-- 


This message contains confidential information and is intended only for the 
individual named. If you are not the named addressee and have received this 
message you should not disseminate, distribute or copy this email. Please 
notify the sender immediately by e-mail if you have received this e-mail by 
mistake and delete this e-mail from your system. 18 U.S.C. '2510 et. seq., 
makes it a federal offense punishable by a fine and up to 5 years 
incarceration, for the intentional interception, disclosure, dissemination 
or use of any wire, oral or electronic communication, knowing or having 
reason to know that the information was obtained through illegal 
interception.

 

E-mail transmission cannot be guaranteed to be secure or error-free as 
information could be intercepted, corrupted, lost, destroyed, arrive late 
or incomplete, or contain viruses. The sender therefore does not accept 
liability for any errors or omissions in the content of this message which 
arise as a result of e-transmission. If verification is required, please 
request a hard-copy version.

 

TheBeastApps.com reserves the right to monitor and review the content of 
all messages sent to or from this e-mail address, and may store messages 
sent to or from this e-mail address on the TheBeastApps.com  e-mail system 
as part of TheBeastApps.com US Patriot Act Compliance Program.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.winpcap.org/pipermail/winpcap-users/attachments/20130830/586f0d80/attachment.html>


More information about the Winpcap-users mailing list