Some more details about REC_HEADER1 and REC_V2DESC; REC_HEADER1 doesn't
authorguy <guy@f5534014-38df-0310-8fa8-9805f1628bb7>
Tue, 28 Feb 2012 01:11:11 +0000 (01:11 +0000)
committerguy <guy@f5534014-38df-0310-8fa8-9805f1628bb7>
Tue, 28 Feb 2012 01:11:11 +0000 (01:11 +0000)
appear to contain anything of use to us - too random - but REC_V2DESC
might be worth converting into a comment.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@41215 f5534014-38df-0310-8fa8-9805f1628bb7

wiretap/ngsniffer.c

index 0529cf4..b2f07d1 100644 (file)
@@ -83,10 +83,22 @@ static const char ngsniffer_magic[] = {
 /*
  * and now for some unknown header types
  */
-#define REC_HEADER1    6       /* Header containing serial numbers? */
+#define REC_HEADER1    6       /* Header containing various information,
+                                * not yet reverse engineered - some binary,
+                                * some strings (Serial numbers?  Names
+                                * under which the software is registered?
+                                * Software version numbers?  Mysterious
+                                * strings such as "PA-55X" and "PA-30X"
+                                * and "PA-57X" and "PA-11X"?), some strings
+                                * that are partially overwritten
+                                * ("UNSERIALIZED", "Network General
+                                * Corporation"), differing from major
+                                * version to major version */
 #define REC_HEADER2    7       /* Header containing ??? */
 #define REC_V2DESC     8       /* In version 2 sniffer traces contains
-                                * infos about this capturing session.
+                                * info about this capturing session,
+                                * in the form of a multi-line string
+                                * with NL as the line separator.
                                 * Collides with REC_FRAME4 */
 #define REC_HEADER3    13      /* Retransmission counts? */
 #define REC_HEADER4    14      /* ? */