RFC 1761 Snoop Packet Capture File Format February 1995 2. File Format The snoop packet capture file is an array of octets structured as follows: +------------------------+ | | | File Header | | | +------------------------+ | | | Packet Record | ~ Number 1 ~ | | +------------------------+ . . . . . . +------------------------+ | | | Packet Record | ~ Number N ~ | | +------------------------+ The File Header is a fixed-length field containing general information about the packet file and the format of the packet records it contains. One or more variable-length Packet Record fields follow the File Header field. Each Packet Record field holds the data of one captured packet. 3. File Header The structure of the File Header is as follows: +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | + Identification Pattern + | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Version Number = 2 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Datalink Type | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Callaghan & Gilligan