Hello list:
I am looking at Ethereal (and tcpdump) packet captures with a hex editor
as part of a Perl scripting assignment. I noticed that the capture file
has some kind of header of its own followed by a line separator, and then the
packet starts. You can see another separator between all packets.
#########################
D4 C3 B2 A1 02 00 04 00 00 00 00 00 00 00 00 00
60 00 00 00 01 00 00 00 38 07 73 44 D9 1C 08 00
60 00 00 00 72 00 00 00 00 12 3F 20 FE 4F 00 11
D8 AC A9 22 08 00 45 10 00 64 34 5E 40 00 40 06
70 6F C0 A8 0A 02 C0 A8 0A 64 D7 9C 00 16 CC 79
07 EC 05 3D 5C 86 80 18 1C 28 21 FA 00 00 01 01
08 0A 01 48 2E 21 8F 70 42 3D 0C F3 75 BA B9 1D
8F 4C 4B 0C 97 29 46 0C 32 34 2C 2D B4 A8 DD CC
50 98 3A 1F 2B 9C A8 8A 38 07 73 44 D5 1D 08 00
60 00 00 00 72 00 00 00 00 11 D8 AC A9 22 00 12
3F 20 FE 4F 08 00 45 10 00 64 6B F9 40 00 40 06
38 D4 C0 A8 0A 64 C0 A8 0A 02 00 16 D7 9C 05 3D
5C 86 CC 79 08 1C 80 18 08 70 05 72 00 00 01 01
08 0A 8F 70 57 EE 01 48 2E 21 54 45 6B 51 FC 93
BA B4 A6 A7 3D DF 53 82 4A B7 53 82 E9 A2 7D 5F
07 B8 04 78 60 27 0F 3E 38 07 73 44 FE 1D 08 00
42 00 00 00 42 00 00 00 00 12 3F 20 FE 4F 00 11
#########################
The header takes the first 24 octets, followed by what I am calling the
16-octet separator (found between all packets), and you can clearly see
where the ethernet frame starts. My question is, does anyone know what
those two lines added by the packet capture program mean? Is there a
description of the fields that make up these two lines anywhere on the
website?
Thanks in advance,
/////////////////////////////////////
Ronald Vincent Vazquez
Senior Unix Systems Administrator
Senior Network Manager
Christ Tabernacle Church Ministries
http://www.ctcministries.org/
(301) 540-9394 Home
(240) 401-9192 Cell
_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users
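
Added example, not part of the original post: a parser for the classic libpcap file layout, run over the octets quoted in the post, which decodes the 24-octet file header and the 16-octet record header that precedes each packet. The function names are hypothetical; the field names (thiszone, sigfigs, snaplen, ts_sec, ts_usec, incl_len, orig_len) are the ones conventionally used for this format.

```python
import struct

# Octets copied from the hex dump in the post; the dump stops mid-packet.
DUMP = bytes.fromhex("""
D4 C3 B2 A1 02 00 04 00 00 00 00 00 00 00 00 00 60 00 00 00 01 00 00 00 38 07 73 44 D9 1C 08 00
60 00 00 00 72 00 00 00 00 12 3F 20 FE 4F 00 11 D8 AC A9 22 08 00 45 10 00 64 34 5E 40 00 40 06
70 6F C0 A8 0A 02 C0 A8 0A 64 D7 9C 00 16 CC 79 07 EC 05 3D 5C 86 80 18 1C 28 21 FA 00 00 01 01
08 0A 01 48 2E 21 8F 70 42 3D 0C F3 75 BA B9 1D 8F 4C 4B 0C 97 29 46 0C 32 34 2C 2D B4 A8 DD CC
50 98 3A 1F 2B 9C A8 8A 38 07 73 44 D5 1D 08 00 60 00 00 00 72 00 00 00 00 11 D8 AC A9 22 00 12
3F 20 FE 4F 08 00 45 10 00 64 6B F9 40 00 40 06 38 D4 C0 A8 0A 64 C0 A8 0A 02 00 16 D7 9C 05 3D
5C 86 CC 79 08 1C 80 18 08 70 05 72 00 00 01 01 08 0A 8F 70 57 EE 01 48 2E 21 54 45 6B 51 FC 93
BA B4 A6 A7 3D DF 53 82 4A B7 53 82 E9 A2 7D 5F 07 B8 04 78 60 27 0F 3E 38 07 73 44 FE 1D 08 00
42 00 00 00 42 00 00 00 00 12 3F 20 FE 4F 00 11
""")

def parse_global_header(buf):
    """Decode the 24-octet file header; return (byte-order prefix, fields)."""
    if len(buf) < 24:
        raise ValueError("file shorter than the 24-octet header")
    magic = struct.unpack("<I", buf[:4])[0]
    if magic not in (0xA1B2C3D4, 0xD4C3B2A1):
        raise ValueError("not a classic pcap file")
    endian = "<" if magic == 0xA1B2C3D4 else ">"  # swapped magic: big-endian writer
    major, minor, thiszone, sigfigs, snaplen, linktype = struct.unpack(
        endian + "HHiIII", buf[4:24])
    return endian, {"version": (major, minor), "thiszone": thiszone,
                    "sigfigs": sigfigs, "snaplen": snaplen, "linktype": linktype}

def iter_records(buf):
    """Yield one dict per packet: the 16-octet record header plus its data."""
    endian, hdr = parse_global_header(buf)
    off = 24
    while off + 16 <= len(buf):
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack_from(endian + "IIII", buf, off)
        if incl_len > hdr["snaplen"]:  # length field is untrusted; this example treats it as corrupt
            raise ValueError("incl_len exceeds snaplen at offset %d" % off)
        data = buf[off + 16:off + 16 + incl_len]
        yield {"ts_sec": ts_sec, "ts_usec": ts_usec, "incl_len": incl_len,
               "orig_len": orig_len, "data": data, "truncated": len(data) < incl_len}
        off += 16 + incl_len

if __name__ == "__main__":
    print(parse_global_header(DUMP)[1])
    for r in iter_records(DUMP):
        print(r["ts_sec"], r["ts_usec"], r["incl_len"], r["orig_len"], r["truncated"])
```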