RFC1761 - Snoop Version 2 Packet Capture File Format, FEBRUARY 1995
Status of this Memo
This memo provides information for the Internet community. This memo does not specify an Internet standard of any kind. Distribution of this memo is unlimited.
Abstract
This paper describes the file format used by "snoop", a packet monitoring and capture program developed by Sun. This paper is provided so that people can write compatible programs to generate and interpret snoop packet capture files.
1. Introduction
The availability of tools to capture, display and interpret packets traversing a network has proven extremely useful in debugging networking problems. The ability to capture packets and store them for later analysis allows one to de-couple the tasks of collecting information about a network problem and analysing that information. The "snoop" program, developed by Sun, has the ability to capture packets and store them in a file, and can interpret the packets stored in capture files. This RFC describes the file format that the snoop program uses to store captured packets. This paper was written so that others may write programs to interpret the capture files generated by snoop, or create capture files that can be interpreted by snoop.
2. File Format
The snoop packet capture file is an array of octets structured as follows:
+------------------------+
|                        |
|      File Header       |
|                        |
+------------------------+
|                        |
|     Packet Record      |
~        Number 1        ~
|                        |
+------------------------+
.                        .
.                        .
.                        .
+------------------------+
| &nb