Snoop Version 2 Packet Capture File Format (RFC1761)

IP.com Disclosure Number: IPCOM000004012D
Original Publication Date: 1995-Feb-01
Included in the Prior Art Database: 2019-Feb-12
Document File: 6 page(s) / 6K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

B. Callaghan: AUTHOR [+1]

Related Documents

10.17487/RFC1761: DOI

Abstract

This paper describes the file format used by "snoop", a packet monitoring and capture program developed by Sun. This paper is provided so that people can write compatible programs to generate and interpret snoop packet capture files. This memo provides information for the Internet community. This memo does not specify an Internet standard of any kind.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 40% of the total text.

Network Working Group                                       B. Callaghan
Request for Comments: 1761                                   R. Gilligan
Category: Informational                           Sun Microsystems, Inc.
                                                           February 1995

Snoop Version 2 Packet Capture File Format

Status of this Memo

This memo provides information for the Internet community. This memo does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

Abstract

This paper describes the file format used by "snoop", a packet monitoring and capture program developed by Sun. This paper is provided so that people can write compatible programs to generate and interpret snoop packet capture files.

1. Introduction

The availability of tools to capture, display and interpret packets traversing a network has proven extremely useful in debugging networking problems. The ability to capture packets and store them for later analysis allows one to de-couple the tasks of collecting information about a network problem and analysing that information. The "snoop" program, developed by Sun, has the ability to capture packets and store them in a file, and can interpret the packets stored in capture files. This RFC describes the file format that the snoop program uses to store captured packets. This paper was written so that others may write programs to interpret the capture files generated by snoop, or create capture files that can be interpreted by snoop.

Callaghan & Gilligan [Page 1]

RFC 1761 Snoop Packet Capture File Format February 1995

2. File Format

The snoop packet capture file is an array of octets structured as follows:

   +------------------------+
   |                        |
   |      File Header       |
   |                        |
   +------------------------+
   |                        |
   |     Packet Record      |
   ~        Number 1        ~
   |                        |
   +------------------------+
   .                        .
   .                        .
   .                        .
   +------------------------+
   |                        |
   |     Packet Record      |
   ~        Number N        ~
   |                        |
   +------------------------+

The File Header is a fixed-length field containing general information about the packet file and the format of the packet records it contains. One or more variable-length Packet Record fields follow the File Header field. Each Packet Record field holds the data of one captured packet.

3. File Header

The structure of the File Header is as follows:

   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   +                     Identification Pattern                    +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                       Version Number = 2                      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                         Datalink Type                         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


Identification Pattern:

A 64-bit (8 octet) pattern used to identify the file as a snoop packet capture file. The Identification Pattern consists of the 8 hexadecimal octets:

73 6E 6F 6F 70 00 00 00

This is the ASCII string "snoop" followed by three null octets.

Version Number:

A 32-bit (4 octet) unsigned integer value representing the version of the packet capture file being used. This document describes version number 2. (Version n...
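
The following is an added example, not part of the RFC text or of Sun's snoop program: a strict reader for the 16-octet File Header laid out above, of the kind a tool would run before trusting a capture file handed to it. The function and class names are hypothetical, the sample inputs are constructed, and the big-endian integer encoding is taken from the full RFC rather than from this abbreviated text.

```python
import struct

SNOOP_MAGIC = bytes.fromhex("736E6F6F70000000")  # "snoop" + three null octets
HEADER_LEN = 16          # 8-octet pattern + two 32-bit unsigned integers
SUPPORTED_VERSION = 2


class SnoopHeaderError(ValueError):
    """Raised when a buffer is not a well-formed snoop version 2 File Header."""


def parse_file_header(buf: bytes) -> dict:
    """Validate the fixed-length File Header and return its fields.

    Assumption: integers are big-endian, as the full RFC specifies; the
    abbreviated text on this page does not include that sentence.
    """
    if len(buf) < HEADER_LEN:
        raise SnoopHeaderError(f"truncated header: {len(buf)} of {HEADER_LEN} octets")
    magic, version, datalink = struct.unpack(">8sII", buf[:HEADER_LEN])
    # Compare all 8 octets: matching only the ASCII "snoop" prefix would
    # accept files whose three padding octets are not null.
    if magic != SNOOP_MAGIC:
        raise SnoopHeaderError(f"bad identification pattern: {magic.hex(' ')}")
    if version != SUPPORTED_VERSION:
        raise SnoopHeaderError(f"unsupported version number: {version}")
    return {"version": version, "datalink_type": datalink,
            "records_offset": HEADER_LEN}


def build_file_header(datalink_type: int) -> bytes:
    """Emit the header a compatible writer would place at offset 0."""
    return struct.pack(">8sII", SNOOP_MAGIC, SUPPORTED_VERSION, datalink_type)


if __name__ == "__main__":
    good = build_file_header(4)  # 4 is an arbitrary constructed sample value
    samples = {                  # constructed inputs, not from a real capture
        "valid": good,
        "short": good[:10],
        "bad padding": b"snoop\x00\x00\x01" + good[8:],
        "little-endian version": SNOOP_MAGIC + struct.pack("<II", 2, 4),
    }
    for name, data in samples.items():
        try:
            print(name, "->", parse_file_header(data))
        except SnoopHeaderError as exc:
            print(name, "-> rejected:", exc)
```

The returned records_offset is where the first Packet Record begins, since the File Header is fixed-length.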
