diff options
Diffstat (limited to 'usr.bin/file/Magdir/sniffer')
| -rw-r--r-- | usr.bin/file/Magdir/sniffer | 63 |
1 files changed, 0 insertions, 63 deletions
diff --git a/usr.bin/file/Magdir/sniffer b/usr.bin/file/Magdir/sniffer deleted file mode 100644 index 861ec8c85dd3..000000000000 --- a/usr.bin/file/Magdir/sniffer +++ /dev/null @@ -1,63 +0,0 @@ - -#------------------------------------------------------------------------------ -# sniffer: file(1) magic for packet captured files -# -# From: guy@netapp.com (Guy Harris) -# -# Microsoft NetMon (packet capture/display program) capture files. -# -0 string RTSS NetMon capture file ->4 byte x - version %d ->5 byte x \b.%d -# -# Network General Sniffer capture files (the Sniffer software does, -# after all, run under MS-DOS...). -# -0 string TRSNIFF\ data\ \ \ \ \032 Sniffer capture file ->23 leshort x - version %d ->25 leshort x \b.%d ->33 byte x (Format %d, ->32 byte 0 Token ring) ->32 byte 1 Ethernet) ->32 byte 2 ARCnet) ->32 byte 3 StarLAN) ->32 byte 4 PC Network broadband) ->32 byte 5 LocalTalk) ->32 byte 6 Znet) -# -# (We call them "tcpdump capture file(s)" for now, as "tcpdump" is -# the main program that uses that format, but there's also "tcpview", -# and there may be others in the future.) -# -0 ubelong 0xa1b2c3d4 tcpdump capture file (big-endian) ->4 beshort x - version %d ->6 beshort x \b.%d ->20 belong 0 (No link-layer encapsulation ->20 belong 1 (Ethernet ->20 belong 2 (3Mb Ethernet ->20 belong 3 (AX.25 ->20 belong 4 (ProNet ->20 belong 5 (Chaos ->20 belong 6 (IEEE 802.x network ->20 belong 7 (ARCnet ->20 belong 8 (SLIP ->20 belong 9 (PPP ->20 belong 10 (FDDI ->20 belong 11 (RFC 1483 ATM ->16 belong x \b, capture length %d) -0 ulelong 0xa1b2c3d4 tcpdump capture file (little-endian) ->4 leshort x - version %d ->6 leshort x \b.%d ->20 lelong 0 (No link-layer encapsulation ->20 lelong 1 (Ethernet ->20 lelong 2 (3Mb Ethernet ->20 lelong 3 (AX.25 ->20 lelong 4 (ProNet ->20 lelong 5 (Chaos ->20 lelong 6 (IEEE 802.x network ->20 lelong 7 (ARCnet ->20 lelong 8 (SLIP ->20 lelong 9 (PPP ->20 lelong 10 (FDDI ->20 lelong 11 (RFC 1483 ATM ->16 lelong x \b, capture length %d) |