Sniffer Trace Header /* * sniffer_trace.h * * This file contains the format of Sniffer trace files. Information on * the data files is available from the Sniffer Network Analyzer Operations * Manual, Chapter 7. * * The first 16 bytes contain a text message and end-of-file character * (0x1A). Each trace file contains an arbitrary number of variable-length * records. The three principle types are: * * - Version record * - Frame record * - End-of-file record (Consists of no data, only header) * * Note: All multibyte fields (Sniffer calculated) are stored in least * significant byte first. Frame data stored in transmitted order. * * Note: 2 byte (16-bit) integers. */ #define DEBUG 1 /* Turn on debugging. */ #define INT unsigned short /* Shoot for portable analysis */ #define CHAR unsigned char #define LIBI(X) (X >> 8) | (X << 8) #define MAXDATA 2048 /* Maximum data size */ /* Record types */ #define REC_VERS 1 /* Version record */ #define REC_FRAME 4 /* Frame data */ #define REC_EOF 3 /* End-of-file */ /* Standard Record Header */ typedef struct { INT type; /* Type of record */ INT length; /* Length of remainder of record */ INT rsvd; /* Reserved word, currently 0 */ } Header_Record; /* ==== Version Record ==== */ /* * Network types: */ #define N_TOKEN_RING 0 /* Token Ring */ #define N_ETHERNET 1 /* Ethernet */ #define N_ARCNET 2 /* ARCNET */ #define N_STARLAN 3 /* StarLAN */ #define N_PC_NETWORK 4 /* PC broadband network */ #define N_LOCALTALK 5 /* Localtalk */ #define N_ZNET 6 /* Znet */ #define N_SYNCHRO 7 /* WAN/Synchronous */ /* * Timeunit values: */ #define T_UNSPEC 0 /* Unspecified, default by network */ #define T_PC 1 /* 0.838096 microsecond unit */ #define T_3COM 2 /* 15.00000 mircosecond unit */ #define T_MICOM 3 /* 0.500000 microsecond unit */ #define T_SYTEK 4 /* 2.000000 microsecond unit */ float netunits[4] = { 0.838096, 15.00000, 0.500000, 2.000000 }; /* * Date record used on Sniffer: */ typedef struct { INT value[2]; /* Place holder */ } DATE; /* * Format of version record: */ typedef struct { INT maj_vers; /* Major version of analyzer */ INT min_vers; /* Minor version */ DATE date; /* DOS date & time (4 bytes) */ CHAR type; /* Type of records follow */ CHAR network; /* Network type */ CHAR format; /* Format version */ CHAR timeunit; /* Frame timestamp unit */ INT rsvd[3]; /* Reserved words */ } Version_Record; /* ==== Frame Data Record ==== */ typedef struct { INT time_low; /* Low time in units */ INT time_mid; /* Mid time in units */ CHAR time_high; /* High time in units */ CHAR time_day; /* Time since start of capture */ INT size; /* Number of bytes written */ CHAR frame_status; /* Frame error status bits */ CHAR flags; /* Internal use */ INT true_size; /* Size of original frame != 0 */ INT rsvd; /* Reserved */ } Frame_Record; /* ==== Data Record ==== */ typedef struct { CHAR data[MAXDATA]; /* Rest of frame data */ INT length; } Data_Record; /* * Prototypes for support routines: */ FILE *open_trace(char *); void close_trace(FILE *); void read_header(); void read_frame(); void read_version(); void read_data(); void skip(); --------------------------------------------------------------------------- Bill Kirchhoff Sun Jul 28 14:38:55 EDT 1996