From a98aa75a5856d1e340413308ad1b0d24276a6a30 Mon Sep 17 00:00:00 2001 From: Guy Harris Date: Thu, 18 Dec 2003 03:43:40 +0000 Subject: WildPackets' EtherHelp appears to write EtherPeek-compatible files, except that the 0x80 bit is turned on in the file version number field. Turn that bit off before processing that field. svn path=/trunk/; revision=9342 --- wiretap/etherpeek.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) (limited to 'wiretap/etherpeek.c') diff --git a/wiretap/etherpeek.c b/wiretap/etherpeek.c index 13591ab523..53bd8f66f4 100644 --- a/wiretap/etherpeek.c +++ b/wiretap/etherpeek.c @@ -2,7 +2,7 @@ * Routines for opening EtherPeek (and TokenPeek?) files * Copyright (c) 2001, Daniel Thompson * - * $Id: etherpeek.c,v 1.24 2003/10/01 07:11:46 guy Exp $ + * $Id: etherpeek.c,v 1.25 2003/12/18 03:43:40 guy Exp $ * * Wiretap Library * Copyright (c) 1998 by Gilbert Ramirez @@ -163,6 +163,20 @@ int etherpeek_open(wtap *wth, int *err) &ep_hdr.master, sizeof(ep_hdr.master), wth->fh, err); wth->data_offset += sizeof(ep_hdr.master); + /* + * It appears that EtherHelp (a free application from WildPackets + * that did blind capture, saving to a file, so that you could + * give the resulting file to somebody with EtherPeek) saved + * captures in EtherPeek format except that it ORed the 0x80 + * bit on in the version number. + * + * We therefore strip off the 0x80 bit in the version number. + * Perhaps there's some reason to care whether the capture + * came from EtherHelp; if we discover one, we should check + * that bit. + */ + ep_hdr.master.version &= ~0x80; + /* switch on the file version */ switch (ep_hdr.master.version) { -- cgit v1.2.3