RFC 1761 (rfc1761) - Page 1 of 6

Snoop Version 2 Packet Capture File Format

Network Working Group                                       B. Callaghan
Request for Comments: 1761                                   R. Gilligan
Category: Informational                           Sun Microsystems, Inc.
                                                           February 1995


               Snoop Version 2 Packet Capture File Format

Status of this Memo

   This memo provides information for the Internet community.  This memo
   does not specify an Internet standard of any kind.  Distribution of
   this memo is unlimited.

Abstract

   This paper describes the file format used by "snoop", a packet
   monitoring and capture program developed by Sun.  This paper is
   provided so that people can write compatible programs to generate and
   interpret snoop packet capture files.

1.  Introduction

   The availability of tools to capture, display and interpret packets
   traversing a network has proven extremely useful in debugging
   networking problems.  The ability to capture packets and store them
   for later analysis allows one to de-couple the tasks of collecting
   information about a network problem and analysing that information.
   The "snoop" program, developed by Sun, has the ability to capture
   packets and store them in a file, and can interpret the packets
   stored in capture files.  This RFC describes the file format that the
   snoop program uses to store captured packets.  This paper was written
   so that others may write programs to interpret the capture files
   generated by snoop, or create capture files that can be interpreted
   by snoop.
















Callaghan & Gilligan