From: Christos Zoulas <christos@zoulas.com>
Date: Wed, 22 Jun 2011 15:40:47 +0000 (+0000)
Subject: new pcap-ng format.
X-Git-Tag: FILE5_08~9
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=8bf0ed6e723b9e28f601655a3ffa158baf72e1be;p=file

new pcap-ng format.
---

diff --git a/magic/Magdir/sniffer b/magic/Magdir/sniffer
index 34150472..5a8d0b61 100644
--- a/magic/Magdir/sniffer
+++ b/magic/Magdir/sniffer
@@ -1,6 +1,6 @@
 
 #------------------------------------------------------------------------------
-# $File: sniffer,v 1.14 2009/09/19 16:28:12 christos Exp $
+# $File: sniffer,v 1.15 2011/05/13 12:05:56 christos Exp $
 # sniffer:  file(1) magic for packet capture files
 #
 # From: guy@alum.mit.edu (Guy Harris)
@@ -249,6 +249,18 @@
 >20	lelong		14		(BSD/OS PPP
 >16	lelong		x		\b, capture length %d)
 
+#
+# "pcapng" capture files.
+# http://www.winpcap.org/ntar/draft/PCAP-DumpFileFormat.html
+#
+0	ubelong		0x0a0d0d0a
+>8	ubelong		0x1a2b3c4d	pcapng capture file (big-endian)
+>>12	beshort		x		- version %d
+>>14	beshort		x		\b.%d
+>8	ulelong		0x1a2b3c4d	pcapng capture file (little-endian)
+>>12	leshort		x		- version %d
+>>14	leshort		x		\b.%d
+
 #
 # AIX "iptrace" capture files.
 #