On Thu, Nov 11, 1999 at 12:31:59PM -0600, Farley, Tim (ISSAtlanta) wrote:
>
>
> On a related note, has anyone ever looked at reverse engineering the
> compressed Sniffer file format? I've been thinking about doing it since I
> keep running into these files, but I don't want to duplicate effort.
I've looked at it a little bit, but many months ago. Before I left my previous
employer, where I had access to the NG Sniffer, I made some small trace files,
with 1 to 5 packets in each, and saved them as both compressed and uncompressed.
It's a nice little mathematical puzzle to figure out; but I do not have
the free time to spend look at it any more. There's a lot of diapers in my
life right now.... :)
If someone wants to work on it and does not have access to NG sniffer, I can
provide my sample files.
--gilbert
