Snoop Version 2 Packet Capture File Format (RFC1761)

IP.com Disclosure Number: IPCOM000004012D
Original Publication Date: 1995-Feb-01
Included in the Prior Art Database: 2000-Sep-13
Document File: 5 page(s) / 10K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

B. Callaghan: AUTHOR [+2]

Abstract

This paper describes the file format used by "snoop", a packet monitoring and capture program developed by Sun. This paper is provided so that people can write compatible programs to generate and interpret snoop packet capture files.

This text was extracted from an ASCII document.
This is the abbreviated version, containing approximately 27% of the total text.

Network Working Group                                       B. Callaghan
Request for Comments: 1761                                   R. Gilligan
Category: Informational                           Sun Microsystems, Inc.
                                                           February 1995

Snoop Version 2 Packet Capture File Format

Status of this Memo

This memo provides information for the Internet community. This memo
does not specify an Internet standard of any kind. Distribution of
this memo is unlimited.

Abstract

This paper describes the file format used by "snoop", a packet
monitoring and capture program developed by Sun. This paper is
provided so that people can write compatible programs to generate and
interpret snoop packet capture files.

1. Introduction

The availability of tools to capture, display and interpret packets
traversing a network has proven extremely useful in debugging
networking problems. The ability to capture packets and store them
for later analysis allows one to de-couple the tasks of collecting
information about a network problem and analysing that information.

The "snoop" program, developed by Sun, has the ability to capture
packets and store them in a file, and can interpret the packets
stored in capture files. This RFC describes the file format that the
snoop program uses to store captured packets. This paper was written
so that others may write programs to interpret the capture files
generated by snoop, or create capture files that can be interpreted
by snoop.

2. File Format

The snoop packet capture file is an array of octets structured as
follows:

    +------------------------+
    |                        |
    |      File Header       |
    |                        |
    +------------------------+
    |                        |
    |     Packet Record      |
    ~        Number 1        ~
    |                        |
    +------------------------+
    .                        .
    .                        .
    .                        .
    +------------------------+
    |                        |
    |     Packet Record      |
    ~        Number N        ~
    |                        |
    +------------------------+

The File Header is a fixed-length field containing general
information about the packet file and the format of the packet
records it contains. One or more variable-length Packet Record
fields follow the File Header field. Each Packet Record field holds
the data of on...
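
An added example, not part of RFC 1761 or of Sun's snoop code: a minimal Python reader for the file layout above that validates every length field before using it, since a capture file from an untrusted source controls those fields. The 16-octet File Header (8-octet identification pattern "snoop\0\0\0", version, datalink type) and the 24-octet record header, all big-endian, are taken from the full RFC text that this abbreviated copy omits; the names `parse_snoop` and `build_record` and the sample bytes are constructed for illustration.

```python
import struct

MAGIC = b"snoop\x00\x00\x00"        # 8-octet identification pattern
FILE_HDR = struct.Struct(">8sII")   # pattern, version, datalink type
REC_HDR = struct.Struct(">IIIIII")  # orig_len, incl_len, rec_len, drops, sec, usec

class SnoopFormatError(ValueError):
    """Raised when a capture file violates the layout."""

def parse_snoop(buf):
    """Return (datalink_type, [record dict, ...]) or raise SnoopFormatError."""
    if len(buf) < FILE_HDR.size:
        raise SnoopFormatError("truncated file header")
    magic, version, datalink = FILE_HDR.unpack_from(buf, 0)
    if magic != MAGIC:
        raise SnoopFormatError("bad identification pattern")
    if version != 2:
        raise SnoopFormatError("unsupported version %d" % version)
    records, off = [], FILE_HDR.size
    while off < len(buf):
        if len(buf) - off < REC_HDR.size:
            raise SnoopFormatError("truncated record header at %d" % off)
        orig, incl, rec_len, drops, sec, usec = REC_HDR.unpack_from(buf, off)
        # rec_len must cover header + data (this also rejects 0, which would
        # loop forever) and must not point past the end of the file.
        if rec_len < REC_HDR.size + incl:
            raise SnoopFormatError("record length too small at %d" % off)
        if rec_len > len(buf) - off:
            raise SnoopFormatError("record runs past end of file at %d" % off)
        if incl > orig:  # sanity check: cannot include more than was on the wire
            raise SnoopFormatError("included length exceeds original at %d" % off)
        data = bytes(buf[off + REC_HDR.size: off + REC_HDR.size + incl])
        records.append({"orig_len": orig, "drops": drops,
                        "ts": sec + usec / 1e6, "data": data})
        off += rec_len  # step over packet data and pad octets
    return datalink, records

def build_record(data, orig_len=None, sec=0, usec=0, drops=0):
    """Constructed helper: encode one record, padded to a 4-octet boundary."""
    pad = -len(data) % 4
    hdr = REC_HDR.pack(len(data) if orig_len is None else orig_len, len(data),
                       REC_HDR.size + len(data) + pad, drops, sec, usec)
    return hdr + data + b"\x00" * pad

# Constructed sample: datalink type 4 (Ethernet), one full and one truncated packet.
SAMPLE = (FILE_HDR.pack(MAGIC, 2, 4)
          + build_record(b"\xaa" * 5, sec=100, usec=500000)
          + build_record(b"\xbb" * 8, orig_len=60, sec=101))
```
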