On Aug 22, 2018, at 1:57 AM, Matwey V. Kornilov <matwey.korni...@gmail.com> wrote:
> Current OpenVizsla data encapsulation format is described here: > https://github.com/matwey/libopenvizsla/wiki/OpenVizsla-protocol-description Why are: the magic header; the size field; needed? The magic number is always the same, so it contains zero bits of information (in the Claude Shannon sense). If the size field is just the number of bytes in the Data field, it's just the total packet size (from the "length" field in pcap files, the "Original Packet Length" field in pcapng Packet Blocks, Enhanced Packet Blocks, and Simple Packet Blocks) minus the number of header bytes prepended (which would just be 5, for the flags and timestamp fields, if none of the fields mentioned above are needed). Presumably the timestamp field is useful because either it doesn't have to be converted to seconds-and-microseconds or seconds-and-nanoseconds units for pcap or 10^-N/2^-N ticks for pcapng or it's a relative timestamp and can't be conveniently converted to an absolute time stamp so that it's not redundant with the timestamp field of the pcap record or pcapng block. _______________________________________________ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
