On Aug 30, 2013, at 12:18 AM, Chintan Bhatt <[email protected]> wrote:

> I have written my program using the WinPcap lib.
> if ((fp = pcap_open_offline(csSourceFile.GetBuffer(), /* name of the device */
>                             errbuf                    /* error buffer */
>     )) == NULL)
> {
>     fprintf(stderr, "\nUnable to open the file %s.\n",
>             csSourceFile.GetBuffer());

        ...

> And to my surprise it is not giving errors and I can see IP/UDP data headers.

Are you certain that the file is, in fact, a snoop file?  For example, if you 
copy it to a UN*X system that has a version of the "file" command capable of 
recognizing pcap and snoop files (or if you have such a version of the "file" 
command on your Windows system, courtesy of Cygwin), what is printed if you run 
the "file" command on the file?

Or, if you dump out the first four bytes of the file in hex, are they:

        a1 b2 c3 d4

or

        d4 c3 b2 a1

or

        73 6e 6f 6f

If they're a1 b2 c3 d4 or d4 c3 b2 a1, rather than 73 6e 6f 6f, it's a pcap 
file (which libpcap/WinPcap can read), not a snoop file (which no current 
release of libpcap/WinPcap can handle).

> And FYI, Wireshark can read snoop-generated capture files.

Yes, that's what I said in my reply; as a core Wireshark developer (and the 
original author of the code in Wireshark that reads snoop files), I'm quite 
aware of that.
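
The first-four-bytes check described in the reply above, as an added example in C that is not part of the original message. The enum, function names and command-line usage are assumptions made for illustration and are not part of libpcap/WinPcap.

```c
#include <stdio.h>
#include <string.h>

/* Constructed names for this example; none of them come from libpcap/WinPcap. */
enum capture_kind { CAP_UNKNOWN, CAP_PCAP_BE, CAP_PCAP_LE, CAP_SNOOP };

/* Classify the leading bytes against the three values listed in the message. */
enum capture_kind classify_magic(const unsigned char *buf, size_t len)
{
    static const unsigned char pcap_be[4] = { 0xa1, 0xb2, 0xc3, 0xd4 }; /* pcap, big-endian writer */
    static const unsigned char pcap_le[4] = { 0xd4, 0xc3, 0xb2, 0xa1 }; /* pcap, little-endian writer */
    static const unsigned char snoop[4]   = { 0x73, 0x6e, 0x6f, 0x6f }; /* ASCII "snoo" */

    if (buf == NULL || len < 4)
        return CAP_UNKNOWN;               /* empty or truncated file */
    if (memcmp(buf, pcap_be, 4) == 0) return CAP_PCAP_BE;
    if (memcmp(buf, pcap_le, 4) == 0) return CAP_PCAP_LE;
    if (memcmp(buf, snoop, 4) == 0)   return CAP_SNOOP;
    return CAP_UNKNOWN;
}

/* Read the first four bytes of a file and classify them. */
enum capture_kind classify_file(const char *path)
{
    unsigned char buf[4];
    size_t n;
    FILE *f = fopen(path, "rb");          /* binary mode: no CR/LF translation on Windows */

    if (f == NULL)
        return CAP_UNKNOWN;
    n = fread(buf, 1, sizeof buf, f);
    fclose(f);
    return classify_magic(buf, n);
}

int main(int argc, char **argv)
{
    static const char *names[] = { "unknown", "pcap (a1 b2 c3 d4)",
                                   "pcap (d4 c3 b2 a1)", "snoop (73 6e 6f 6f)" };
    if (argc != 2) {
        fprintf(stderr, "usage: %s capture-file\n", argv[0]);
        return 2;
    }
    printf("%s: %s\n", argv[1], names[classify_file(argv[1])]);
    return 0;
}
```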