<div dir="ltr">and Guy , <span style="font-family:arial,sans-serif;font-size:13px">73 6e 6f 6f does it mean snoop file ??</span> .<div>I was told that file was snoop file.Thanks again.</div></div><div class="gmail_extra"><br>
<br><div class="gmail_quote">On Fri, Aug 30, 2013 at 1:51 PM, Chintan Bhatt <span dir="ltr"><<a href="mailto:cbhatt@thebeastapps.com" target="_blank">cbhatt@thebeastapps.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Thanks a lot Guy. <div>It is D4 C3 B2 A1. So it is pcap file.</div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Aug 30, 2013 at 1:29 PM, Guy Harris <span dir="ltr"><<a href="mailto:guy@alum.mit.edu" target="_blank">guy@alum.mit.edu</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><br>
On Aug 30, 2013, at 12:18 AM, Chintan Bhatt <<a href="mailto:cbhatt@thebeastapps.com" target="_blank">cbhatt@thebeastapps.com</a>> wrote:<br>
<br>
> I have wrote my program using winpcap lib.<br>
> if((fp = pcap_open_offline(csSourceFile.GetBuffer(), /* name of the device */ errbuf /* error buffer */<br>
> )) == NULL)<br>
> {<br>
> fprintf(stderr,<br>
> "\nUnable to open the file %s.\n"<br>
> , csSourceFile.GetBuffer());<br>
<br>
</div><div> ...<br>
<br>
> and to my surprise it is not giving errors and i can see ip/udp data headers.<br>
<br>
</div>Are you certain that the file is, in fact, a snoop file? For example, if you copy it to a UN*X system that has a version of the "file" command capable of recognizing pcap and snoop files (or if you have such a version of the "file" command on your Windows system, courtesy of Cygwin), what is printed if you run the "file" command on the file?<br>
<br>
Or, if you dump out the first four bytes of the file in hex, are they:<br>
<br>
a1 b2 c3 d4<br>
<br>
or<br>
<br>
d4 c3 b2 a1<br>
<br>
or<br>
<br>
73 6e 6f 6f<br>
<br>
If they're a1 b2 c3 d4 or d4 c3 b2 a1, rather than 73 6e 6f 6f, it's a pcap file (which libpcap/WinPcap can read), not a snoop file (which no current release of libpcap/WinPcap can handle)?<br>
<div><br>
> and FYI, wireshark can read snoop generated capture file.<br>
<br>
</div>Yes, that's what I said in my reply; as a core Wireshark developer (and the original author of the code in Wireshark that reads snoop files), I'm quite aware of that.<br>
<div><div>_______________________________________________<br>
Winpcap-users mailing list<br>
<a href="mailto:Winpcap-users@winpcap.org" target="_blank">Winpcap-users@winpcap.org</a><br>
<a href="https://www.winpcap.org/mailman/listinfo/winpcap-users" target="_blank">https://www.winpcap.org/mailman/listinfo/winpcap-users</a><br>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div>
<br>
<p><span style="FONT-SIZE:10pt;FONT-FAMILY:'Arial','sans-serif'">This message contains
confidential information and is intended only for the individual named. If you
are not the named addressee and have received this message you should not
disseminate, distribute or copy this email. Please notify the sender immediately
by e-mail if you have received this e-mail by mistake and delete this e-mail
from your system. 18 U.S.C. '2510 et. seq., makes it a federal offense
punishable by a fine and up to 5 years incarceration, for the intentional
interception, disclosure, dissemination or use of any wire, oral or electronic
communication, knowing or having reason to know that the information was
obtained through illegal interception.</span></p>
<p> </p>
<p><span style="FONT-SIZE:10pt;FONT-FAMILY:'Arial','sans-serif'">E-mail transmission
cannot be guaranteed to be secure or error-free as information could be
intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain
viruses. The sender therefore does not accept liability for any errors or
omissions in the content of this message which arise as a result of
e-transmission. If verification is required, please request a hard-copy
version.</span></p>
<p> </p>
<p><span style="FONT-SIZE:10pt;FONT-FAMILY:'Arial','sans-serif'">TheBeastApps.com
reserves the right to monitor and review the content of all messages sent to or
from this e-mail address, and may store messages sent to or from this e-mail
address on the TheBeastApps.com e-mail system as part of TheBeastApps.com US
Patriot Act Compliance Program.</span></p>