|
CommView and CommView for
WiFi use the data format described below for writing captured
packets to .NCF files. This is an open data format that you can use
for processing log files generated by CommView in your
applications, as well as for exchanging data with your application
directly (this method is described in this help file).
The packets are recorded
consecutively. A 24-byte header, the structure of which is given
below, prepends each packet body. All header fields with the length
exceeding 1 byte use little-endian byte order.
| Field name |
Length
(bytes)
|
Description |
| Data Length |
2
|
The length of the packet body that follows the header |
| Source Data Length |
2
|
The original length of the packet body that follows the header
(without compression). If no compression is being used, the value
of this field is equal to the value of the previous field. |
| Version |
1
|
Packet format version (0 for the current implementation) |
| Year |
2
|
Packet date (year) |
| Month |
1
|
Packet date (month) |
| Day |
1
|
Packet date (day) |
| Hours |
1
|
Packet time (hours) |
| Minutes |
1
|
Packet time (minutes) |
| Seconds |
1
|
Packet time (seconds) |
| Microseconds |
4
|
Packet time (microseconds) |
| Flags |
1
|
Bit flags:
| Medium |
0...3
|
Medium type for the packet (0 - Ethernet, 1 - WiFi, 2 - Token
Ring) |
| Decrypted |
4
|
The packet has been decrypted (applicable to WiFi packets
only) |
| Broken |
5
|
The packet was corrupted, i.e. had the incorrect CRC value
(applicable to WiFi packets only) |
| Compressed |
6
|
The packet is stored in compressed form |
| Reserved |
7
|
Reserved |
|
| Signal Level |
1
|
Signal level in percents (applicable to WiFi packets only) |
| Rate |
1
|
Data transmission rate in Mbps multiplied by 2 (applicable to
WiFi packets only) |
| Band |
1
|
Transmission band. 0x01 for 802.11a, 0x02 for 802.11b, 0x04 for
802.11g, 0x08 for 802.11a-turbo, 0x10 for 802.11 SuperG, 0x20 for
4.9 GHz Public Safety, 0x40 for 5 GHz 802.11n, 0x80 for 2.4 GHz
802.11n.(applicable to WiFi packets only) |
| Channel |
1
|
Channel number (applicable to WiFi packets only) |
| Direction |
1
|
For non-WiFi packets, packet direction. 0x00 for pass-through,
0x01 for inbound, 0x02 for outbound. For WiFi packets, the high
order byte for the packet rate, if the one-byte Rate field cannot
accommodate the value (i.e. the value is higher than 255). |
| Signal Level (dBm) |
1
|
Signal level in dBm (applicable to WiFi packets only) |
| Noise Level (dBm) |
1
|
Noise level in dBm (applicable to WiFi packets only) |
| Data |
...
|
Packet body (unmodified, as transmitted over the media). If the
compression flag is set, the data is compressed using the publicly
available Zlib 1.1.4 library. The length of this field is recorded
in Data Length. |
The total header length is
24 bytes.
If packets are stored in
the compressed form, the Data Length field contains the length of
data after compression, whilst the Source Length field contains the
original data length. If a packet is uncompressed, both fields
contain the same value.
|
