Re: Omnivorous Shark

[Guy Harris <guy () alum mit edu>]

On Feb 4, 2014, at 5:05 AM, Michal Labedzki <michal.labedzki () tieto com> wrote:

> Also let think about cases:
> 1. I think that my file is PCAP, but Wireshark opens cannot open it
> --> Broken file
> 2. I think that my file is PCAP, but Wireshark opens it as MP2T and it
> seems that output is not correct --> Broken file?

Definitely a broken file, as that would only happen if the first four bytes of the family weren't a pcap magic number.

Is that likely to happen?

If you replace pcap in your examples with a format that has no magic number - that's what we describe as "heuristics"; 
we don't consider checking for a magic number to be a heuristic - that might be a better example.  Replace it with ERF, 
for example.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe