Contact US

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

How do I interpret record headers in windump binary captures?

How do I interpret record headers in windump binary captures?

How do I interpret record headers in windump binary captures?

I'm learning to read network packets in binary format, capturing with windump in Win XP, and viewing with 010 Editor.  Having studied the tcpdump man page, I'm using this ...

windump -e -f -n -c 1 -i 4 -s 0 -w capture.bin

For example, I randomly captured a 62 byte SYN packet to a disk array.  I've managed to decode all 62 bytes in the actual packet (ethernet, IPv4 and TCP layers).  However, I just don't get how to interpret the 40 byte prefix that windump apparently added (which I am calling the record header).  I know that it must include a timestamp.  Anyway, the first 40 bytes are ...

0xD4 0xC3 0xB2 0xA1 0x02 0x00 0x04 0x00 0x00 0x00
0x00 0x00 0x00 0x00 0x00 0x00 0xFF 0xFF 0x00 0x00
0x01 0x00 0x00 0x00 0x28 0xA2 0xCE 0x4B 0xA6 0x7A
0x0B 0x00 0x3E 0x00 0x00 0x00 0x3E 0x00 0x00 0x00

How do I determine the byte by byte meaning of that?

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close