728x90
libpcap file format
1. Global Header - 24bytes
typedef struct pcap_hdr_s { guint32 magic_number; /* magic number */ guint16 version_major; /* major version number */ guint16 version_minor; /* minor version number */ gint32 thiszone; /* GMT to local correction */ guint32 sigfigs; /* accuracy of timestamps */ guint32 snaplen; /* max length of captured packets, in octets */ guint32 network; /* data link type */} pcap_hdr_t;
2. Packet Header - 16bytes
typedef struct pcaprec_hdr_s { guint32 ts_sec; /* timestamp seconds */ guint32 ts_usec; /* timestamp microseconds */ guint32 incl_len; /* number of octets of packet saved in file */ guint32 orig_len; /* actual length of packet */} pcaprec_hdr_t;- incl_len : pcap file안에 저장되어 있는 패킷 데이터의 길이. orig_len이나 snaplen보다 클 수 없다.
- orig_len : 실제 네트워크 상에서 캡처된 패킷 데이터의 길이.
728x90
'콤퓨타 > Network' 카테고리의 다른 글
| Control Plane vs Data Plane (0) | 2013.02.20 |
|---|---|
| router (0) | 2013.02.20 |
| 3way handshake 바이트수 (0) | 2013.02.20 |
| port 15000 (0) | 2013.02.20 |
| Local DNS Server (0) | 2013.02.20 |
댓글