Re: How to convert from proprietary format to some generic libpcap format?

[Guy Harris <gharris () sonic net>]

On Tue, Jun 24, 2003 at 01:48:19PM -0700, Ben Greear wrote:
> I see the pcap header in /usr/include/pcap.h,

See also pcap-int.h and savefile.c in the libpcap source.

> but I am curious what the 'normal' values are for things like:
>
>       bpf_u_int32 magic;

TCPDUMP_MAGIC, as defined in "savefile.c".  That number, like all
numbers in libpcap file and record headers, should be written in the
byte order of the host writing out the file (you *could* write them in a
standard byte order, but there is no standard byte order for them in
libpcap files - the byte order is inferred from the byte order in the
magic number).

>       u_short version_major;

PCAP_VERSION_MAJOR, as defined in "pcap.h".

>       u_short version_minor;

PCAP_VERSION_MINOR, as defined in "pcap.h".
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe