Skip Menu |

This queue is for tickets about the File-PCAP CPAN distribution.

Report information
The Basics
Id: 123819
Status: open
Priority: 0/
Queue: File-PCAP
People
Owner: mamawe [...] cpan.org
Requestors: Konstantin [...] Tokar.RU
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)

History Show all quoted text
  Mon Dec 04 22:33:28 2017 Konstantin [...] Tokar.RU - Ticket created
Subject: Invalid magick numbers and timestamp conversion
Date: Tue, 5 Dec 2017 06:32:53 +0300
To: bug-File-PCAP [...] rt.cpan.org
From: Konstantin Tokar <konstantin [...] tokar.ru>
A pcap file with a magic number of 0xa1b23c4d or 0x4d3cb2a1 is a pcap file in which the packet time stamps are in seconds and nanoseconds. A pcap file with a magic number of 0xa1b2c3d4 or 0xd4c3b2a1 is a "regular" pcap file in which the packet time stamps are in seconds and microseconds. 0xa1b23c4d == 2712812621 0x4d3cb2a1 == 1295823521 0xa1b2c3d4 == 2712847316 0xd4c3b2a1 == 3569595041 sub _read_pcap_global_header { my ($self) = @_; my $fh = $self->{fh}; my ($magic,$vmajor,$vminor,$tzone,$sigfigs,$snaplen,$dlt) = unpack("LSSlLLL",<$fh>); if (2712847316 == $magic || 2712812621 == $magic) { Best regards Konstantin Tokar
  Tue Dec 12 20:19:07 2017 mamawe [...] cpan.org - Correspondence added
Hi Konstantin, I don't see what's your point here. On Mon Dec 04 22:33:28 2017, Konstantin@Tokar.RU wrote: Show quoted text
> A pcap file with a magic number of 0xa1b23c4d or 0x4d3cb2a1 is a pcap file > in which the packet time stamps are in seconds and nanoseconds. > > A pcap file with a magic number of 0xa1b2c3d4 or 0xd4c3b2a1 is a "regular" > pcap file in which the packet time stamps are in seconds and microseconds.
I chose to allow only the two magic numbers with identical byte ordering since I don't have access to a file with swapped byte ordering and didn't want to add code that I could not test. Show quoted text
> > 0xa1b23c4d == 2712812621 > 0x4d3cb2a1 == 1295823521 > 0xa1b2c3d4 == 2712847316 > 0xd4c3b2a1 == 3569595041 > > sub _read_pcap_global_header { > my ($self) = @_; > my $fh = $self->{fh}; > my ($magic,$vmajor,$vminor,$tzone,$sigfigs,$snaplen,$dlt) = > unpack("LSSlLLL",<$fh>); > if (2712847316 == $magic || 2712812621 == $magic) { > > > > Best regards > Konstantin Tokar
Kind regards, Mathias
  Tue Dec 12 20:19:08 2017 The RT System itself - Status changed from 'new' to 'open'
  Tue Dec 12 21:55:53 2017 mamawe [...] cpan.org - Taken
  Thu Jun 27 09:55:08 2019 LBE [...] cpan.org - Correspondence added
Show quoted text
> I chose to allow only the two magic numbers with identical byte > ordering since I don't have access to a file with swapped byte > ordering and didn't want to add code that I could not test.
Please place this information in the documentation. I also attempted to open a pcapng file that was captured using a little endian machine. I had to open and read the source code to realize that this module only supported big endian files. Thanks, lbe
  Tue Jul 09 09:23:54 2019 mamawe [...] cpan.org - Correspondence added
Am Do 27. Jun 2019, 09:55:08, LBE schrieb: Show quoted text
> > I chose to allow only the two magic numbers with identical byte > > ordering since I don't have access to a file with swapped byte > > ordering and didn't want to add code that I could not test.
> > Please place this information in the documentation. I also attempted > to open a pcapng file that was captured using a little endian machine. > I had to open and read the source code to realize that this module > only supported big endian files. > > Thanks, lbe
Actually this module only supports files with the same endianness as the machine it is running on. I have only access to little endian machines and files. If you can provide me with a PCAP file that was written on a big endian machine, I could add code to read files with the other endianness if this is feasible. Kind regards, Mathias