I have analysed the global header of a PCAP file and found out that the magic number is: d4 c3 b2 a1
This means that it uses a little endian and all the bytes that come after it need to processed in reverse order. The other sections of the global header are as follows:
major version = 02 00
minor version = 04 00
time zone = 00 00 00 00
timestamp = 00 00 00 00
snaplen = ff …