>>>>> "Rick" == Rick Crawford <[EMAIL PROTECTED]> writes:
Rick> Can you give me any doc on the file format produced by "tcpdump
Rick> -w"?
Rick> The "-t" option won't suppress timestamps there, so how many bytes
Rick> comprise a timestamp, and how should they be interpreted?
Rick> Most importantly, is each packet record a fixed length?
Rick> If (hopefully) so, what's the length for IP vs. Ethernet packets,
Rick> and is the format just a raw dump of the header, or has tcpdump
Rick> already "interpreted" it (and if so, how do I interpret that)?
Rick> Desperately seeking guidance,
tcpdump -w format is written in libpcap format.
"man 3 pcap"
The records are not fixed length.
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] [EMAIL PROTECTED] http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
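
An added illustration of the reply above (not code from the original thread or from libpcap): a minimal reader for the classic libpcap savefile layout. It shows that each record starts with a 16-byte header (an 8-byte timestamp as 32-bit seconds plus 32-bit microseconds, then two 32-bit lengths) and that the packet bytes after it are variable length and stored raw from the link layer. The function names and the sample capture are constructed for this example; the nanosecond-timestamp and pcapng variants are not handled.

```python
import struct

GLOBAL_HDR = 24   # magic, version major/minor, thiszone, sigfigs, snaplen, linktype
RECORD_HDR = 16   # ts_sec, ts_usec, caplen, len (four 32-bit fields)

def parse_pcap(buf):
    """Return (linktype, snaplen, [(ts_sec, ts_usec, orig_len, raw_bytes), ...])."""
    if len(buf) < GLOBAL_HDR:
        raise ValueError("truncated file header")
    magic = buf[:4]
    # The writer uses its native byte order; the magic number tells the reader which.
    if magic == b"\xd4\xc3\xb2\xa1":
        end = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        end = ">"
    else:
        raise ValueError("not a classic microsecond pcap file")
    _maj, _min, _zone, _sigfigs, snaplen, linktype = struct.unpack_from(
        end + "HHiIII", buf, 4)
    records, off = [], GLOBAL_HDR
    while off < len(buf):
        if len(buf) - off < RECORD_HDR:
            raise ValueError("truncated record header at offset %d" % off)
        ts_sec, ts_usec, caplen, orig_len = struct.unpack_from(end + "IIII", buf, off)
        off += RECORD_HDR
        # caplen is read from the file: bound it before trusting it as a slice length.
        if caplen > len(buf) - off:
            raise ValueError("caplen %d runs past end of file" % caplen)
        # The payload is the frame exactly as captured; nothing is decoded for us.
        records.append((ts_sec, ts_usec, orig_len, buf[off:off + caplen]))
        off += caplen
    return linktype, snaplen, records

def build_sample():
    """Constructed sample: two records of different sizes, linktype 1 (Ethernet)."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 96, 1)
    p1 = bytes(range(60))   # constructed 60-byte frame, stored whole
    p2 = bytes(96)          # constructed 1514-byte frame, cut to snaplen 96
    r1 = struct.pack("<IIII", 1000000000, 250000, len(p1), 60) + p1
    r2 = struct.pack("<IIII", 1000000001, 5, len(p2), 1514) + p2
    return hdr + r1 + r2

if __name__ == "__main__":
    linktype, snaplen, recs = parse_pcap(build_sample())
    for sec, usec, orig, raw in recs:
        print("%d.%06d caplen=%d len=%d" % (sec, usec, len(raw), orig))
```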