#
# "pcap-ng" capture files.
# http://www.winpcap.org/ntar/draft/PCAP-DumpFileFormat.html
# Pcap-ng files can contain multiple sections. Printing the endianness,
# snaplen, or other information from the first SHB may be misleading.
#
0       string          \x0a\x0d\x0d\x0a\x1a\x2b\x3c\x4d    Pcap-ng capture file, big-endian,
>12     beshort         x                                   version %d
>14     beshort         x                                   \b.%d

0       string          \x0a\x0d\x0d\x0a\x4d\x3c\x2b\x1a    Pcap-ng capture file, little-endian,
>12     leshort         x                                   version %d
>14     leshort         x                                   \b.%d

#
# "libpcap" capture files.
#
0       string          \xa1\xb2\xc3\xd4\x00        Libpcap capture file, big-endian,
>4      beshort         >2                          {invalid}
>4      beshort         x                           version %d
>6      beshort         x                           \b.%d,
>20     belong          0                           (No link-layer encapsulation
>20     belong          1                           (Ethernet
>20     belong          2                           (3Mb Ethernet
>20     belong          3                           (AX.25
>20     belong          4                           (ProNET
>20     belong          5                           (CHAOS
>20     belong          6                           (Token Ring
>20     belong          7                           (BSD ARCNET
>20     belong          8                           (SLIP
>20     belong          9                           (PPP
>20     belong          10                          (FDDI
>20     belong          11                          (RFC 1483 ATM
>20     belong          12                          (raw IP
>20     belong          13                          (BSD/OS SLIP
>20     belong          14                          (BSD/OS PPP
>20     belong          19                          (Linux ATM Classical IP
>20     belong          50                          (PPP or Cisco HDLC
>20     belong          51                          (PPP-over-Ethernet
>20     belong          99                          (Symantec Enterprise Firewall
>20     belong          100                         (RFC 1483 ATM
>20     belong          101                         (raw IP
>20     belong          102                         (BSD/OS SLIP
>20     belong          103                         (BSD/OS PPP
>20     belong          104                         (BSD/OS Cisco HDLC
>20     belong          105                         (802.11
>20     belong          106                         (Linux Classical IP over ATM
>20     belong          107                         (Frame Relay
>20     belong          108                         (OpenBSD loopback
>20     belong          109                         (OpenBSD IPsec encrypted
>20     belong          112                         (Cisco HDLC
>20     belong          113                         (Linux "cooked"
>20     belong          114                         (LocalTalk
>20     belong          117                         (OpenBSD PFLOG
>20     belong          119                         (802.11 with Prism header
>20     belong          122                         (RFC 2625 IP over Fibre Channel
>20     belong          123                         (SunATM
>20     belong          127                         (802.11 with radiotap header
>20     belong          129                         (Linux ARCNET
>20     belong          138                         (Apple IP over IEEE 1394
>20     belong          140                         (MTP2
>20     belong          141                         (MTP3
>20     belong          143                         (DOCSIS
>20     belong          144                         (IrDA
>20     belong          147                         (Private use 0
>20     belong          148                         (Private use 1
>20     belong          149                         (Private use 2
>20     belong          150                         (Private use 3
>20     belong          151                         (Private use 4
>20     belong          152                         (Private use 5
>20     belong          153                         (Private use 6
>20     belong          154                         (Private use 7
>20     belong          155                         (Private use 8
>20     belong          156                         (Private use 9
>20     belong          157                         (Private use 10
>20     belong          158                         (Private use 11
>20     belong          159                         (Private use 12
>20     belong          160                         (Private use 13
>20     belong          161                         (Private use 14
>20     belong          162                         (Private use 15
>20     belong          163                         (802.11 with AVS header
>20     belong          >163                        {invalid}(invalid link layer
>20     belong          <0                          {invalid}(invalid link layer
>16     belong          x                           \b, snaplen: %d)

0       lelong          0xa1b2c3d4      Libpcap capture file, little-endian,
>4      leshort         >2              {invalid}
>4      leshort         <0              {invalid}
>4      leshort         x               version %d
>6      leshort         x               \b.%d,
>20     lelong          0               (No link-layer encapsulation
>20     lelong          1               (Ethernet
>20     lelong          2               (3Mb Ethernet
>20     lelong          3               (AX.25
>20     lelong          4               (ProNET
>20     lelong          5               (CHAOS
>20     lelong          6               (Token Ring
>20     lelong          7               (ARCNET
>20     lelong          8               (SLIP
>20     lelong          9               (PPP
>20     lelong          10              (FDDI
>20     lelong          11              (RFC 1483 ATM
>20     lelong          12              (raw IP
>20     lelong          13              (BSD/OS SLIP
>20     lelong          14              (BSD/OS PPP
>20     lelong          19              (Linux ATM Classical IP
>20     lelong          50              (PPP or Cisco HDLC
>20     lelong          51              (PPP-over-Ethernet
>20     lelong          99              (Symantec Enterprise Firewall
>20     lelong          100             (RFC 1483 ATM
>20     lelong          101             (raw IP
>20     lelong          102             (BSD/OS SLIP
>20     lelong          103             (BSD/OS PPP
>20     lelong          104             (BSD/OS Cisco HDLC
>20     lelong          105             (802.11
>20     lelong          106             (Linux Classical IP over ATM
>20     lelong          107             (Frame Relay
>20     lelong          108             (OpenBSD loopback
>20     lelong          109             (OpenBSD IPsec encrypted
>20     lelong          112             (Cisco HDLC
>20     lelong          113             (Linux "cooked"
>20     lelong          114             (LocalTalk
>20     lelong          117             (OpenBSD PFLOG
>20     lelong          119             (802.11 with Prism header
>20     lelong          122             (RFC 2625 IP over Fibre Channel
>20     lelong          123             (SunATM
>20     lelong          127             (802.11 with radiotap header
>20     lelong          129             (Linux ARCNET
>20     lelong          138             (Apple IP over IEEE 1394
>20     lelong          140             (MTP2
>20     lelong          141             (MTP3
>20     lelong          143             (DOCSIS
>20     lelong          144             (IrDA
>20     lelong          147             (Private use 0
>20     lelong          148             (Private use 1
>20     lelong          149             (Private use 2
>20     lelong          150             (Private use 3
>20     lelong          151             (Private use 4
>20     lelong          152             (Private use 5
>20     lelong          153             (Private use 6
>20     lelong          154             (Private use 7
>20     lelong          155             (Private use 8
>20     lelong          156             (Private use 9
>20     lelong          157             (Private use 10
>20     lelong          158             (Private use 11
>20     lelong          159             (Private use 12
>20     lelong          160             (Private use 13
>20     lelong          161             (Private use 14
>20     lelong          162             (Private use 15
>20     lelong          163             (802.11 with AVS header
>20     lelong          >163            {invalid}(invalid link layer
>20     lelong          <0              {invalid}(invalid link layer
>16     lelong          x               \b, snaplen: %d)

