Wireshark · Ethereal-dev: [Ethereal-dev] Network Associates .ENC capture files

Ethereal-dev: [Ethereal-dev] Network Associates .ENC capture files

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Tim Vale" <tvale@xxxxxxxxxxxxxxxxxxxx>

Date: Wed, 9 Jan 2002 15:35:45 -0000

I am trying to decypher the format of "Network Associates .ENC (DOS-based)" capture files.

I have sofar got to isolating the actual recorded packets in the file, each with a 20 character header with the packet length
characters 13 to 15 - but - I am looking specifically now at identifying where in this file packet header is the packet recieved
time offset (have a suspiscion that it is in characters 7 to 10 but can't see where) - and where in the 55 character initial
preamble of the file is the start date and time (again a suspiscion that it is at characters 28 to 30 and characters 48 to 55).

Does anyone have the decode for this file format or know how to decypher the headers ?

Cheers

Tim Vale
Frantic Networks Limited

EMail: tvale@xxxxxxxxxxxxxxxxxxxx
Web: www.frantic-networks.com

Follow-Ups:
- [Ethereal-dev] Is there a NIC that can filter on multiple MAC addresses?
  - From: Mike Bendickson
- Re: [Ethereal-dev] Network Associates .ENC capture files
  - From: Guy Harris

Prev by Date: [Ethereal-dev] a small packet-icmpv6.c fix
Next by Date: [Ethereal-dev] Is there a NIC that can filter on multiple MAC addresses?
Previous by thread: Re: [Ethereal-dev] a small packet-icmpv6.c fix
Next by thread: [Ethereal-dev] Is there a NIC that can filter on multiple MAC addresses?
Index(es):
- Date
- Thread