void ReadHeader()
{
var headerStart = _reader.ReadBytes(3); // PKT
if (Encoding.ASCII.GetString(headerStart) != "PKT")
{
// pkt does not have a header
_reader.BaseStream.Position = 0;
return;
}
pktVersion = (PktVersion)_reader.ReadUInt16(); // sniff version
int additionalLength;
switch (pktVersion)
{
case PktVersion.V2_1:
SetBuild(_reader.ReadUInt16()); // client build
_reader.ReadBytes(40); // session key
break;
case PktVersion.V2_2:
_reader.ReadByte(); // sniffer id
SetBuild(_reader.ReadUInt16()); // client build
_reader.ReadBytes(4); // client locale
_reader.ReadBytes(20); // packet key
_reader.ReadBytes(64); // realm name
break;
case PktVersion.V3_0:
_reader.ReadByte(); // sniffer id
SetBuild(_reader.ReadUInt32()); // client build
_reader.ReadBytes(4); // client locale
_reader.ReadBytes(40); // session key
additionalLength = _reader.ReadInt32();
_reader.ReadBytes(additionalLength);
break;
case PktVersion.V3_1:
_reader.ReadByte(); // sniffer id
SetBuild(_reader.ReadUInt32()); // client build
_reader.ReadBytes(4); // client locale
_reader.ReadBytes(40); // session key
_startTime = Utilities.GetDateTimeFromUnixTime(_reader.ReadUInt32()); // start time
_startTickCount = _reader.ReadUInt32(); // start tick count
additionalLength = _reader.ReadInt32();
_reader.ReadBytes(additionalLength);
break;
default:
// not supported version - let's assume the PKT bytes were a coincidence
_reader.BaseStream.Position = 0;
break;
}
}
void ReadHeader()
{
var headerStart = _reader.ReadBytes(3); // PKT
if (Encoding.ASCII.GetString(headerStart) != "PKT")
{
// file does not have a header
_reader.BaseStream.Position = 0;
return;
}
_pktVersion = (PktVersion)_reader.ReadUInt16(); // sniff version
int additionalLength;
switch (_pktVersion)
{
case PktVersion.V2_1:
{
SetBuild(_reader.ReadUInt16()); // client build
_reader.ReadBytes(40); // session key
break;
}
case PktVersion.V2_2:
{
_snifferId = _reader.ReadByte(); // sniffer id
SetBuild(_reader.ReadUInt16()); // client build
_reader.ReadBytes(4); // client locale
_reader.ReadBytes(20); // packet key
_reader.ReadBytes(64); // realm name
break;
}
case PktVersion.V3_0:
{
_snifferId = _reader.ReadByte(); // sniffer id
SetBuild(_reader.ReadUInt32()); // client build
_reader.ReadBytes(4); // client locale
_reader.ReadBytes(40); // session key
additionalLength = _reader.ReadInt32();
var preAdditionalPos = _reader.BaseStream.Position;
_reader.ReadBytes(additionalLength);
var postAdditionalPos = _reader.BaseStream.Position;
if (_snifferId == 10) // xyla
{
_reader.BaseStream.Position = preAdditionalPos;
_startTime = Utilities.GetDateTimeFromUnixTime(_reader.ReadUInt32()); // start time
_startTickCount = _reader.ReadUInt32(); // start tick count
_reader.BaseStream.Position = postAdditionalPos;
}
break;
}
case PktVersion.V3_1:
{
_snifferId = _reader.ReadByte(); // sniffer id
SetBuild(_reader.ReadUInt32()); // client build
_reader.ReadBytes(4); // client locale
_reader.ReadBytes(40); // session key
_startTime = Utilities.GetDateTimeFromUnixTime(_reader.ReadUInt32()); // start time
_startTickCount = _reader.ReadUInt32(); // start tick count
additionalLength = _reader.ReadInt32();
var optionalData = _reader.ReadBytes(additionalLength);
if (_snifferId == 'S') // WSTC
{
// versions 1.5 and older store human readable sniffer description string in header
// version 1.6 adds 3 bytes before that data, 0xFF separator, one byte for major version and one byte for minor version, expecting 0x0106 for 1.6
if (additionalLength >= 3 && optionalData[0] == 0xFF)
_snifferVersion = BitConverter.ToInt16(optionalData, 1);
else
_snifferVersion = 0x0105;
}
break;
}
default:
{
// not supported version - let's assume the PKT bytes were a coincidence
_reader.BaseStream.Position = 0;
break;
}
}
}
void ReadHeader()
{
var headerStart = _reader.ReadBytes(3); // PKT
if (Encoding.ASCII.GetString(headerStart) != "PKT")
{
// pkt does not have a header
_reader.BaseStream.Position = 0;
return;
}
_pktVersion = (PktVersion)_reader.ReadUInt16(); // sniff version
int additionalLength;
switch (_pktVersion)
{
case PktVersion.V2_1:
SetBuild(_reader.ReadUInt16()); // client build
_reader.ReadBytes(40); // session key
break;
case PktVersion.V2_2:
_reader.ReadByte(); // sniffer id
SetBuild(_reader.ReadUInt16()); // client build
_reader.ReadBytes(4); // client locale
_reader.ReadBytes(20); // packet key
_reader.ReadBytes(64); // realm name
break;
case PktVersion.V3_0:
{
var snifferId = _reader.ReadByte(); // sniffer id
SetBuild(_reader.ReadUInt32()); // client build
_reader.ReadBytes(4); // client locale
_reader.ReadBytes(40); // session key
additionalLength = _reader.ReadInt32();
var preAdditionalPos = _reader.BaseStream.Position;
_reader.ReadBytes(additionalLength);
var postAdditionalPos = _reader.BaseStream.Position;
if (snifferId == 10) // xyla
{
_reader.BaseStream.Position = preAdditionalPos;
_startTime = Utilities.GetDateTimeFromUnixTime(_reader.ReadUInt32()); // start time
_startTickCount = _reader.ReadUInt32(); // start tick count
_reader.BaseStream.Position = postAdditionalPos;
}
break;
}
case PktVersion.V3_1:
_reader.ReadByte(); // sniffer id
SetBuild(_reader.ReadUInt32()); // client build
_reader.ReadBytes(4); // client locale
_reader.ReadBytes(40); // session key
_startTime = Utilities.GetDateTimeFromUnixTime(_reader.ReadUInt32()); // start time
_startTickCount = _reader.ReadUInt32(); // start tick count
additionalLength = _reader.ReadInt32();
_reader.ReadBytes(additionalLength);
break;
default:
// not supported version - let's assume the PKT bytes were a coincidence
_reader.BaseStream.Position = 0;
break;
}
}
void ReadHeader()
{
var headerStart = _reader.ReadBytes(3); // PKT
if (Encoding.ASCII.GetString(headerStart) != "PKT")
{
// file does not have a header
_reader.BaseStream.Position = 0;
return;
}
_pktVersion = (PktVersion)_reader.ReadUInt16(); // sniff version
int additionalLength;
switch (_pktVersion)
{
case PktVersion.V2_1:
{
SetBuild(_reader.ReadUInt16()); // client build
_reader.ReadBytes(40); // session key
break;
}
case PktVersion.V2_2:
{
_snifferId = _reader.ReadByte(); // sniffer id
SetBuild(_reader.ReadUInt16()); // client build
_reader.ReadBytes(4); // client locale
_reader.ReadBytes(20); // packet key
_reader.ReadBytes(64); // realm name
break;
}
case PktVersion.V3_0:
{
_snifferId = _reader.ReadByte(); // sniffer id
SetBuild(_reader.ReadUInt32()); // client build
_reader.ReadBytes(4); // client locale
_reader.ReadBytes(40); // session key
additionalLength = _reader.ReadInt32();
var preAdditionalPos = _reader.BaseStream.Position;
_reader.ReadBytes(additionalLength);
var postAdditionalPos = _reader.BaseStream.Position;
if (_snifferId == 10) // xyla
{
_reader.BaseStream.Position = preAdditionalPos;
_startTime = Utilities.GetDateTimeFromUnixTime(_reader.ReadUInt32()); // start time
_startTickCount = _reader.ReadUInt32(); // start tick count
_reader.BaseStream.Position = postAdditionalPos;
}
break;
}
case PktVersion.V3_1:
{
_snifferId = _reader.ReadByte(); // sniffer id
SetBuild(_reader.ReadUInt32()); // client build
_reader.ReadBytes(4); // client locale
_reader.ReadBytes(40); // session key
_startTime = Utilities.GetDateTimeFromUnixTime(_reader.ReadUInt32()); // start time
_startTickCount = _reader.ReadUInt32(); // start tick count
additionalLength = _reader.ReadInt32();
var optionalData = _reader.ReadBytes(additionalLength);
if (_snifferId == 'S') // WSTC
{
// versions 1.5 and older store human readable sniffer description string in header
// version 1.6 adds 3 bytes before that data, 0xFF separator, one byte for major version and one byte for minor version, expecting 0x0106 for 1.6
if (additionalLength >= 3 && optionalData[0] == 0xFF)
{
_snifferVersion = BitConverter.ToInt16(optionalData, 1);
}
else
{
_snifferVersion = 0x0105;
}
}
break;
}
default:
{
// not supported version - let's assume the PKT bytes were a coincidence
_reader.BaseStream.Position = 0;
break;
}
}
}
