[
https://issues.apache.org/jira/browse/TIKA-4002?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17725960#comment-17725960
]
Tim Allison edited comment on TIKA-4002 at 5/24/23 9:53 PM:
------------------------------------------------------------
Turns out we have detection for basic pcap, but not the next gen pcap. Some of
the files in common crawl (with .pcapng extensions!) start with (literally)
0A0D0D0A then 4 bytes then 4D3C2B1A
According to:
https://www.ietf.org/staging/draft-tuexen-opsawg-pcapng-02.html#section_shb we
should look for 0A0D0D0A....then the magic for regular pcap
So it looks like siegfried is getting it wrong?!
was (Author: [email protected]):
Turns out we have detection for basic pcap, but not the next gen pcap. Some of
the files in common crawl (with .pcapng extensions!) start with (literally)
0A0D0D0A70040000 then 4D3C2B1A
According to:
https://www.ietf.org/staging/draft-tuexen-opsawg-pcapng-02.html#section_shb we
should look for 0A0D0D0A....then the magic for regular pcap
So it looks like siegfried is getting it wrong?!
> application/vnd.tcpdump.pcapng
> ------------------------------
>
> Key: TIKA-4002
> URL: https://issues.apache.org/jira/browse/TIKA-4002
> Project: Tika
> Issue Type: Sub-task
> Reporter: Tim Allison
> Priority: Major
> Attachments: fmt_779_pcap_Packet_Capture_small_capture.pcap
>
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
