diff options
| author | Guy Harris <guy@alum.mit.edu> | 2012-02-28 01:11:11 +0000 |
|---|---|---|
| committer | Guy Harris <guy@alum.mit.edu> | 2012-02-28 01:11:11 +0000 |
| commit | 76652d9d4a65646af45bbaffa818b775a519bff2 (patch) | |
| tree | ed2ca232bc2fadd5311e549b9daffbea7c035b7c /wiretap/ngsniffer.c | |
| parent | 577e286d8216e8c1c8a4b214790f917baa1ecafd (diff) | |
| download | wireshark-76652d9d4a65646af45bbaffa818b775a519bff2.tar.gz | |
Some more details about REC_HEADER1 and REC_V2DESC; REC_HEADER1 doesn't
appear to contain anything of use to us - too random - but REC_V2DESC
might be worth converting into a comment.
svn path=/trunk/; revision=41215
Diffstat (limited to 'wiretap/ngsniffer.c')
| -rw-r--r-- | wiretap/ngsniffer.c | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/wiretap/ngsniffer.c b/wiretap/ngsniffer.c index 0529cf4c60..b2f07d11fe 100644 --- a/wiretap/ngsniffer.c +++ b/wiretap/ngsniffer.c @@ -83,10 +83,22 @@ static const char ngsniffer_magic[] = { /* * and now for some unknown header types */ -#define REC_HEADER1 6 /* Header containing serial numbers? */ +#define REC_HEADER1 6 /* Header containing various information, + * not yet reverse engineered - some binary, + * some strings (Serial numbers? Names + * under which the software is registered? + * Software version numbers? Mysterious + * strings such as "PA-55X" and "PA-30X" + * and "PA-57X" and "PA-11X"?), some strings + * that are partially overwritten + * ("UNSERIALIZED", "Network General + * Corporation"), differing from major + * version to major version */ #define REC_HEADER2 7 /* Header containing ??? */ #define REC_V2DESC 8 /* In version 2 sniffer traces contains - * infos about this capturing session. + * info about this capturing session, + * in the form of a multi-line string + * with NL as the line separator. * Collides with REC_FRAME4 */ #define REC_HEADER3 13 /* Retransmission counts? */ #define REC_HEADER4 14 /* ? */ |