#------------------------------------------------------------------------------
-# $File: sniffer,v 1.14 2009/09/19 16:28:12 christos Exp $
+# $File: sniffer,v 1.15 2011/05/13 12:05:56 christos Exp $
# sniffer: file(1) magic for packet capture files
#
# From: guy@alum.mit.edu (Guy Harris)
>20 lelong 14 (BSD/OS PPP
>16 lelong x \b, capture length %d)
+#
+# "pcapng" capture files.
+# http://www.winpcap.org/ntar/draft/PCAP-DumpFileFormat.html
+#
+0 ubelong 0x0a0d0d0a
+>8 ubelong 0x1a2b3c4d pcapng capture file (big-endian)
+>>12 beshort x - version %d
+>>14 beshort x \b.%d
+>8 ulelong 0x1a2b3c4d pcapng capture file (little-endian)
+>>12 leshort x - version %d
+>>14 leshort x \b.%d
+
#
# AIX "iptrace" capture files.
#
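Review bot: The version sub-tests at `>>12` and `>>14` use signed `beshort`/`leshort` with `%d`, while the magic tests above them are unsigned (`ubelong`/`ulelong`), so a malformed or hostile file with a version field above 0x7fff would be reported with a negative version number. Suggest `ubeshort`/`uleshort` with `%u` in both branches. A smaller documentation point on the added comment block: the offset-0 test `0 ubelong 0x0a0d0d0a` serves both byte orders only because the value's bytes (0a 0d 0d 0a) read the same in either direction, and byte order is actually decided by the two tests at `>8`. One comment line saying so would keep a later editor from adding a redundant `ulelong` twin at offset 0.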