ocaml-pcap icon indicating copy to clipboard operation
ocaml-pcap copied to clipboard

Published 20 hours ago verified publisher icon mirage

Extended pcap format

Open copy opened this issue 9 years ago • 2 comments

There's a extended version of the pcap format, which is also supported by libpcap with a magic value of 0xa1b2cd34. This format is created by some routers when creating a traffic capture (and probably also by other tools).

copy avatar Sep 22 '16 15:09 copy

Is there a spec somewhere?

samoht avatar Sep 22 '16 20:09 samoht

I haven't been able to find one, there's a BSD-licensed implementation here: https://github.com/the-tcpdump-group/libpcap/blob/master/sf-pcap.c The only difference seems to be the use of this packet structure.

copy avatar Sep 22 '16 21:09 copy