samoht
commented
8 years ago Is there a spec somewhere?
Open copy opened 8 years ago
samoht
commented
8 years ago Is there a spec somewhere?
copy
commented
8 years ago I haven't been able to find one, there's a BSD-licensed implementation here: https://github.com/the-tcpdump-group/libpcap/blob/master/sf-pcap.c The only difference seems to be the use of this packet structure.
There's a extended version of the pcap format, which is also supported by libpcap with a magic value of 0xa1b2cd34. This format is created by some routers when creating a traffic capture (and probably also by other tools).