http://wiki.wireshark.org/Development/LibpcapFileFormat#File_Format
Knowing the structure of the packet headers is useful when analyzing packets, so it is worth learning well. Make sure you understand the documentation provided by Wireshark~
The libpcap file format is as follows:
Global header | Packet Header | Packet Data | Packet Header | Packet Data | ...
# Global header has the following structure:
typedef struct pcap_hdr_s {
guint32 magic_number; /* magic number */
guint16 version_major; /* major version number */
guint16 version_minor; /* minor version number */
gint32 thiszone; /* GMT to local correction */
guint32 sigfigs; /* accuracy of timestamps */
guint32 snaplen; /* max length of captured packets, in octets */
guint32 network; /* data link type */
} pcap_hdr_t;
# Record (Packet) Header has the following structure:
typedef struct pcaprec_hdr_s {
guint32 ts_sec; /* timestamp seconds */
guint32 ts_usec; /* timestamp microseconds */
guint32 incl_len; /* number of octets of packet saved in file */
guint32 orig_len; /* actual length of packet */
} pcaprec_hdr_t;
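As an added example (not from the Wireshark wiki page or from this post), a small Python parser that reads the two headers above, detects the file's byte order from the magic number, and validates the length fields before trusting them; the sample capture it parses is constructed inline.

```python
import struct

# Magic values from the libpcap spec: the file's byte order is inferred from how
# the first four bytes read back, and the 0xa1b23c4d variant stores nanoseconds.
_MAGICS = {
    0xA1B2C3D4: ("<", 1_000_000),      # little-endian, microseconds
    0xD4C3B2A1: (">", 1_000_000),      # big-endian, microseconds
    0xA1B23C4D: ("<", 1_000_000_000),  # little-endian, nanoseconds
    0x4D3CB2A1: (">", 1_000_000_000),  # big-endian, nanoseconds
}
GLOBAL_HDR = "IHHiIII"  # pcap_hdr_t: magic, major, minor, thiszone, sigfigs, snaplen, network
RECORD_HDR = "IIII"     # pcaprec_hdr_t: ts_sec, ts_usec, incl_len, orig_len


def parse_pcap(data: bytes):
    """Return (global header dict, list of record dicts); raise ValueError if malformed."""
    if len(data) < 24:
        raise ValueError("shorter than the 24-byte global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic not in _MAGICS:
        raise ValueError(f"unknown magic 0x{magic:08x}")
    endian, ts_div = _MAGICS[magic]
    names = ("magic", "version_major", "version_minor", "thiszone", "sigfigs", "snaplen", "network")
    hdr = dict(zip(names, struct.unpack(endian + GLOBAL_HDR, data[:24])))
    records, off = [], 24
    while off < len(data):
        if len(data) - off < 16:
            raise ValueError(f"truncated record header at offset {off}")
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(endian + RECORD_HDR, data[off:off + 16])
        off += 16
        # The length fields are untrusted file input: check them before slicing on them.
        if incl_len > hdr["snaplen"] or incl_len > orig_len:
            raise ValueError(f"inconsistent lengths at offset {off - 16}: incl={incl_len} orig={orig_len}")
        if len(data) - off < incl_len:
            raise ValueError(f"truncated packet data at offset {off}")
        records.append({"timestamp": ts_sec + ts_frac / ts_div, "incl_len": incl_len,
                        "orig_len": orig_len, "data": data[off:off + incl_len]})
        off += incl_len
    return hdr, records


def build_sample_pcap(endian: str = "<") -> bytes:
    """Constructed sample capture: Ethernet (network=1), snaplen 64, microsecond timestamps."""
    out = struct.pack(endian + GLOBAL_HDR, 0xA1B2C3D4, 2, 4, 0, 0, 64, 1)
    pkt1 = bytes(range(60))  # 60-byte frame, captured in full
    pkt2 = b"\xaa" * 64      # first 64 bytes of a 1514-byte frame, cut by snaplen
    out += struct.pack(endian + RECORD_HDR, 1_700_000_000, 250_000, len(pkt1), len(pkt1)) + pkt1
    out += struct.pack(endian + RECORD_HDR, 1_700_000_001, 0, len(pkt2), 1514) + pkt2
    return out
```

Passing `">"` to `build_sample_pcap` writes the same capture big-endian; the parser recovers identical headers and records from it because the magic number reveals the byte order.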