and Guy , 73 6e 6f 6f does it mean snoop file ?? . I was told that file was snoop file.Thanks again.
On Fri, Aug 30, 2013 at 1:51 PM, Chintan Bhatt <[email protected]>wrote: > Thanks a lot Guy. > It is D4 C3 B2 A1. So it is pcap file. > > > On Fri, Aug 30, 2013 at 1:29 PM, Guy Harris <[email protected]> wrote: > >> >> On Aug 30, 2013, at 12:18 AM, Chintan Bhatt <[email protected]> >> wrote: >> >> > I have wrote my program using winpcap lib. >> > if((fp = pcap_open_offline(csSourceFile.GetBuffer(), /* name of the >> device */ errbuf /* error buffer */ >> > )) == NULL) >> > { >> > fprintf(stderr, >> > "\nUnable to open the file %s.\n" >> > , csSourceFile.GetBuffer()); >> >> ... >> >> > and to my surprise it is not giving errors and i can see ip/udp data >> headers. >> >> Are you certain that the file is, in fact, a snoop file? For example, if >> you copy it to a UN*X system that has a version of the "file" command >> capable of recognizing pcap and snoop files (or if you have such a version >> of the "file" command on your Windows system, courtesy of Cygwin), what is >> printed if you run the "file" command on the file? >> >> Or, if you dump out the first four bytes of the file in hex, are they: >> >> a1 b2 c3 d4 >> >> or >> >> d4 c3 b2 a1 >> >> or >> >> 73 6e 6f 6f >> >> If they're a1 b2 c3 d4 or d4 c3 b2 a1, rather than 73 6e 6f 6f, it's a >> pcap file (which libpcap/WinPcap can read), not a snoop file (which no >> current release of libpcap/WinPcap can handle)? >> >> > and FYI, wireshark can read snoop generated capture file. >> >> Yes, that's what I said in my reply; as a core Wireshark developer (and >> the original author of the code in Wireshark that reads snoop files), I'm >> quite aware of that. >> _______________________________________________ >> Winpcap-users mailing list >> [email protected] >> https://www.winpcap.org/mailman/listinfo/winpcap-users >> > > -- This message contains confidential information and is intended only for the individual named. If you are not the named addressee and have received this message you should not disseminate, distribute or copy this email. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. 18 U.S.C. '2510 et. seq., makes it a federal offense punishable by a fine and up to 5 years incarceration, for the intentional interception, disclosure, dissemination or use of any wire, oral or electronic communication, knowing or having reason to know that the information was obtained through illegal interception. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the content of this message which arise as a result of e-transmission. If verification is required, please request a hard-copy version. TheBeastApps.com reserves the right to monitor and review the content of all messages sent to or from this e-mail address, and may store messages sent to or from this e-mail address on the TheBeastApps.com e-mail system as part of TheBeastApps.com US Patriot Act Compliance Program.
_______________________________________________ Winpcap-users mailing list [email protected] https://www.winpcap.org/mailman/listinfo/winpcap-users
