Tuesday, October 13, 2009

About packet headers

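Today I came across some information about packet headers, so I am writing it down here.
I don't know, though, whether this is how it generally is, or whether only packets captured by SmartSniff look like this?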

The structure of .ssp file (SmartSniff Packets File)
The structure of the .ssp file saved by SmartSniff is very simple. It contains one main header at the beginning of the file, followed by a sequence of all TCP/IP packets, each of which begins with a small header.
The main header structure:
00 - SMSNF200 signature.
08 - (2 bytes) The number of bytes in the header (currently 4 bytes for the IP Address)
0A - (4 bytes) IP Address

Header of each packet:
00 (2 Bytes) packet header size (currently 0x18 bytes)
02 (4 Bytes) number of received bytes in packet.
06 (8 Bytes) Packet time in Windows FILETIME format.
0E (6 Bytes) Source Mac Address.
14 (6 Bytes) Dest. Mac Address.
1A The remaining bytes are the TCP/IP packet itself.
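
A parser for the layout quoted above, added here as an example; it is not code from this post or from SmartSniff. It assumes little-endian integers, that each size field counts only the bytes that follow it (which is how 0x18 lines up with the data starting at offset 0x1A), that the "received bytes" count is the length of the stored packet data, and that the IP address is stored in network byte order; `parse_ssp` and `build_sample` are hypothetical names, and the sample file is constructed.

```python
import ipaddress
import struct
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def parse_ssp(data):
    """Return (capture_ip, [packet dicts]) for the bytes of a .ssp file."""
    if len(data) < 0x0A or data[:8] != b"SMSNF200":
        raise ValueError("missing SMSNF200 signature")
    (main_len,) = struct.unpack_from("<H", data, 0x08)  # assumed little-endian
    pos = 0x0A + main_len  # assumed: size counts the bytes after the field
    if main_len < 4 or pos > len(data):
        raise ValueError("bad main header size")
    ip = str(ipaddress.IPv4Address(data[0x0A:0x0E]))
    packets = []
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated packet header")
        (hdr_len,) = struct.unpack_from("<H", data, pos)
        body = pos + 2 + hdr_len  # 2 + 0x18 = 0x1A, where the packet data starts
        if hdr_len < 0x18 or body > len(data):
            raise ValueError("truncated packet header")
        length, filetime = struct.unpack_from("<IQ", data, pos + 0x02)
        # Never trust the stored length: it must fit inside the file.
        if body + length > len(data):
            raise ValueError("packet length runs past end of file")
        packets.append({
            # FILETIME counts 100 ns ticks since 1601-01-01 UTC
            "time": FILETIME_EPOCH + timedelta(microseconds=filetime // 10),
            "src_mac": data[pos + 0x0E:pos + 0x14].hex(":"),
            "dst_mac": data[pos + 0x14:pos + 0x1A].hex(":"),
            "payload": data[body:body + length],
        })
        pos = body + length
    return ip, packets

def build_sample():
    """Constructed two-packet file for demonstration (not a real capture)."""
    out = b"SMSNF200" + struct.pack("<H", 4) + bytes([192, 0, 2, 10])
    samples = ((116444736000000000, b"first"), (116444736010000000, b"second"))
    for filetime, payload in samples:
        out += struct.pack("<HIQ", 0x18, len(payload), filetime)
        out += bytes.fromhex("020000000001") + bytes.fromhex("020000000002")
        out += payload
    return out

if __name__ == "__main__":
    capture_ip, pkts = parse_ssp(build_sample())
    print(capture_ip, [(p["time"].isoformat(), p["payload"]) for p in pkts])
```
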
