Hi,

Your libpcap header format seems wrong (for example, fields like major and minor versions are 2 bytes long, not 1, the network type is 4 bytes long and not 2 bytes long, etc.). Please refer to https://wiki.wireshark.org/Development/LibpcapFileFormat for a description of the format, and pay attention to fields that are more than 1 byte long (guint16, guint32...): you should write them properly so that Wireshark can guess your machine endianness.
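The field widths listed in the answer above, as an added example (not code from the question or from Wireshark): a writer that emits the 24-byte global header in host byte order, and a reader that uses the magic number to decide whether the multi-byte fields need swapping. The function names, the snaplen of 65535 and link type 1 (Ethernet) are this example's own choices.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define PCAP_MAGIC   0xa1b2c3d4u
#define PCAP_HDR_LEN 24

/* libpcap global header; struct and function names are hypothetical. */
struct pcap_global_hdr {
    uint32_t magic_number;   /* 4 bytes, lets the reader detect byte order */
    uint16_t version_major;  /* 2 bytes, not 1 */
    uint16_t version_minor;  /* 2 bytes, not 1 */
    int32_t  thiszone;       /* 4 bytes */
    uint32_t sigfigs;        /* 4 bytes */
    uint32_t snaplen;        /* 4 bytes */
    uint32_t network;        /* 4 bytes, not 2 */
};
_Static_assert(sizeof(struct pcap_global_hdr) == PCAP_HDR_LEN, "no padding expected");

/* Writer: every field goes out in host byte order at its full width. */
size_t pcap_build_header(uint8_t out[PCAP_HDR_LEN], uint32_t snaplen, uint32_t linktype) {
    struct pcap_global_hdr h = { PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype };
    memcpy(out, &h, sizeof h);
    return sizeof h;
}

/* Reader: 0 = same byte order as this host, 1 = swapped, -1 = truncated or not pcap. */
int pcap_byte_order(const uint8_t *buf, size_t len) {
    uint32_t magic;
    if (len < PCAP_HDR_LEN) return -1;
    memcpy(&magic, buf, sizeof magic);
    if (magic == PCAP_MAGIC) return 0;
    return magic == 0xd4c3b2a1u ? 1 : -1;
}

/* Reader: fetch the 4-byte network field at offset 20, swapping if the magic says so. */
int pcap_read_linktype(const uint8_t *buf, size_t len, uint32_t *linktype) {
    int swapped = pcap_byte_order(buf, len);
    uint32_t n;
    if (swapped < 0) return -1;
    memcpy(&n, buf + 20, sizeof n);
    if (swapped) n = (n >> 24) | ((n >> 8) & 0xff00u) | ((n << 8) & 0xff0000u) | (n << 24);
    *linktype = n;
    return 0;
}

int main(void) {
    uint8_t hdr[PCAP_HDR_LEN];
    pcap_build_header(hdr, 65535, 1);   /* 1 = Ethernet link type */
    return fwrite(hdr, 1, sizeof hdr, stdout) == sizeof hdr ? 0 : 1;
}
```

A header written with 1-byte version fields or a 2-byte network field comes out shorter than 24 bytes and shifts every later field, which is why the reader rejects it or misreads the link type.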