author | obrien <obrien@FreeBSD.org> | 2000-11-05 08:33:55 +0000 |
---|---|---|
committer | obrien <obrien@FreeBSD.org> | 2000-11-05 08:33:55 +0000 |
commit | 73a570e26c8be2eb28ff624691d53679235db6d7 (patch) | |
tree | 352a2d7da3ad33690cdcf9bc719f97fd4f26bd37 /contrib/file/Magdir/sniffer | |
parent | 714aeaae49d60da4d804c08aeb631f4e81ba86d8 (diff) | |
download | FreeBSD-src-73a570e26c8be2eb28ff624691d53679235db6d7.zip FreeBSD-src-73a570e26c8be2eb28ff624691d53679235db6d7.tar.gz |
Virgin import of FILE 3.32
Diffstat (limited to 'contrib/file/Magdir/sniffer')
-rw-r--r-- | contrib/file/Magdir/sniffer | 171 |
1 files changed, 171 insertions, 0 deletions
diff --git a/contrib/file/Magdir/sniffer b/contrib/file/Magdir/sniffer new file mode 100644 index 0000000..81cb313 --- /dev/null +++ b/contrib/file/Magdir/sniffer @@ -0,0 +1,171 @@ + +#------------------------------------------------------------------------------ +# sniffer: file(1) magic for packet capture files +# +# 
From: guy@alum.mit.edu (Guy Harris) +# + +# +# Microsoft Network Monitor 1.x capture files. +# +0 string RTSS NetMon capture file +>4 byte x - version %d +>5 byte x \b.%d +>6 leshort 0 (Unknown) +>6 leshort 1 (Ethernet) +>6 leshort 2 (Token Ring) +>6 leshort 3 (FDDI) + +# +# Microsoft Network Monitor 2.x capture files. +# +0 string GMBU NetMon capture file +>4 byte x - version %d +>5 byte x \b.%d +>6 leshort 0 (Unknown) +>6 leshort 1 (Ethernet) +>6 leshort 2 (Token Ring) +>6 leshort 3 (FDDI) + +# +# Network General Sniffer capture files. +# Sorry, make that "Network Associates Sniffer capture files." +# +0 string TRSNIFF\ data\ \ \ \ \032 Sniffer capture file +>33 byte 2 (compressed) +>23 leshort x - version %d +>25 leshort x \b.%d +>32 byte 0 (Token Ring) +>32 byte 1 (Ethernet) +>32 byte 2 (ARCNET) +>32 byte 3 (StarLAN) +>32 byte 4 (PC Network broadband) +>32 byte 5 (LocalTalk) +>32 byte 6 (Znet) +>32 byte 7 (Internetwork Analyzer) +>32 byte 9 (FDDI) +>32 byte 10 (ATM) + +# +# Cinco Networks NetXRay capture files. +# Sorry, make that "Network General Sniffer Basic capture files." +# Sorry, make that "Network Associates Sniffer Basic capture files." +# Sorry, make that "Network Associates Sniffer Basic, and Windows +# Sniffer Pro", capture files." +# +0 string XCP\0 NetXRay capture file +>4 string >\0 - version %s +>44 leshort 0 (Ethernet) +>44 leshort 1 (Token Ring) +>44 leshort 2 (FDDI) + +# +# "libpcap" capture files. +# (We call them "tcpdump capture file(s)" for now, as "tcpdump" is +# the main program that uses that format, but there are other programs +# that use "libpcap", or that use the same capture file format.) 
+# +0 ubelong 0xa1b2c3d4 tcpdump capture file (big-endian) +>4 beshort x - version %d +>6 beshort x \b.%d +>20 belong 0 (No link-layer encapsulation +>20 belong 1 (Ethernet +>20 belong 2 (3Mb Ethernet +>20 belong 3 (AX.25 +>20 belong 4 (ProNET +>20 belong 5 (CHAOS +>20 belong 6 (IEEE 802.x network +>20 belong 7 (ARCNET +>20 belong 8 (SLIP +>20 belong 9 (PPP +>20 belong 10 (FDDI +>20 belong 11 (RFC 1483 ATM +>20 belong 12 (raw IP +>20 belong 13 (BSD/OS SLIP +>20 belong 14 (BSD/OS PPP +>16 belong x \b, capture length %d) +0 ulelong 0xa1b2c3d4 tcpdump capture file (little-endian) +>4 leshort x - version %d +>6 leshort x \b.%d +>20 lelong 0 (No link-layer encapsulation +>20 lelong 1 (Ethernet +>20 lelong 2 (3Mb Ethernet +>20 lelong 3 (AX.25 +>20 lelong 4 (ProNET +>20 lelong 5 (CHAOS +>20 lelong 6 (IEEE 802.x network +>20 lelong 7 (ARCNET +>20 lelong 8 (SLIP +>20 lelong 9 (PPP +>20 lelong 10 (FDDI +>20 lelong 11 (RFC 1483 ATM +>20 lelong 12 (raw IP +>20 lelong 13 (BSD/OS SLIP +>20 lelong 14 (BSD/OS PPP +>16 lelong x \b, capture length %d) + +# +# "libpcap"-with-Alexey-Kuznetsov's-patches capture files. +# (We call them "tcpdump capture file(s)" for now, as "tcpdump" is +# the main program that uses that format, but there are other programs +# that use "libpcap", or that use the same capture file format.) 
+# +0 ubelong 0xa1b2cd34 extended tcpdump capture file (big-endian) +>4 beshort x - version %d +>6 beshort x \b.%d +>20 belong 0 (No link-layer encapsulation +>20 belong 1 (Ethernet +>20 belong 2 (3Mb Ethernet +>20 belong 3 (AX.25 +>20 belong 4 (ProNET +>20 belong 5 (CHAOS +>20 belong 6 (IEEE 802.x network +>20 belong 7 (ARCNET +>20 belong 8 (SLIP +>20 belong 9 (PPP +>20 belong 10 (FDDI +>20 belong 11 (RFC 1483 ATM +>20 belong 12 (raw IP +>20 belong 13 (BSD/OS SLIP +>20 belong 14 (BSD/OS PPP +>16 belong x \b, capture length %d) +0 ulelong 0xa1b2cd34 extended tcpdump capture file (little-endian) +>4 leshort x - version %d +>6 leshort x \b.%d +>20 lelong 0 (No link-layer encapsulation +>20 lelong 1 (Ethernet +>20 lelong 2 (3Mb Ethernet +>20 lelong 3 (AX.25 +>20 lelong 4 (ProNET +>20 lelong 5 (CHAOS +>20 lelong 6 (IEEE 802.x network +>20 lelong 7 (ARCNET +>20 lelong 8 (SLIP +>20 lelong 9 (PPP +>20 lelong 10 (FDDI +>20 lelong 11 (RFC 1483 ATM +>20 lelong 12 (raw IP +>20 lelong 13 (BSD/OS SLIP +>20 lelong 14 (BSD/OS PPP +>16 lelong x \b, capture length %d) + +# +# AIX "iptrace" capture files. +# +0 string iptrace\ 2.0 "iptrace" capture file + +# +# Novell LANalyzer capture files. +# +0 leshort 0x1001 LANalyzer capture file +0 leshort 0x1007 LANalyzer capture file + +# +# HP-UX "nettl" capture files. +# +0 string \x54\x52\x00\x64\x00 "nettl" capture file + +# +# RADCOM WAN/LAN Analyzer capture files. +# +0 string \x42\xd2\x00\x34\x12\x66\x22\x88 RADCOM WAN/LAN Analyzer capture file |
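Review bot: In the four libpcap blocks (magic `0xa1b2c3d4` and `0xa1b2cd34`, each in both byte orders), the opening parenthesis is printed only by the `>20 belong` / `>20 lelong` link-type lines for values 0 through 14, while the `>16 ... \b, capture length %d)` line always prints the closing one. A capture whose link type is outside that range therefore gets a description with an unbalanced ")" and no link-layer information at all. Suggest either adding a fallback link-type line that prints the raw number for unlisted values, or giving the capture length its own self-contained parenthetical so it does not depend on an earlier line having matched. Separately, the LANalyzer entries `0 leshort 0x1001` and `0 leshort 0x1007` match on two bytes alone at offset 0, which is likely to misidentify unrelated files as captures; if the format allows it, a second test at a further offset would make these entries more reliable.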