зверь, обнюхивающий пакеты (the packet sniffing beast)
PCAP FORMATS:
netsniff-ng supports a couple of pcap formats, visible through
``netsniff-ng -D'':
tcpdump-capable pcap (default)
Pcap magic number is encoded as 0xa1b2c3d4 resp.
0xd4c3b2a1. As packet meta data this format contains the
timeval in microseconds, the original packet length and
the captured packet length.
tcpdump-capable pcap with ns resolution
Pcap magic number is encoded as 0xa1b23c4d resp.
0x4d3cb2a1. As packet meta data this format contains the
timeval in nanoseconds, the original packet length and the
captured packet length.
Alexey Kuznetzov's pcap
Pcap magic number is encoded as 0xa1b2cd34 resp.
0x34cdb2a1. As packet meta data this format contains the
timeval in microseconds, the original packet length, the
captured packet length, the interface index (sll_ifindex),
the packet's protocol (sll_protocol), and the packet type
(sll_pkttype).
netsniff-ng pcap
Pcap magic number is encoded as 0xa1e2cb12 resp.
0x12cbe2a1. As packet meta data this format contains the
timeval in nanoseconds, the original packet length, the
captured packet length, the timestamp hw/sw source, the
interface index (sll_ifindex), the packet's protocol
(sll_protocol), the packet type (sll_pkttype) and the
hardware type (sll_hatype).
For further implementation details or format support in your
application, have a look at pcap_io.h in the netsniff-ng sources.
