Ethereal: Re: [Ethereal-users] capture file documentation

Ethereal-users: August 2005

Subject: Re: [Ethereal-users] capture file documentation
From: Guy Harris <gharris@xxxxxxxxx>
Date: Fri, 05 Aug 2005 09:34:54 -0700

Jeff Morriss wrote:

See:
http://wiki.ethereal.com/Development_2fLibpcapFileFormat

And also note that it's called "libpcap" format because it's the format that libpcap uses, i.e. you almost always don't have to write your own code to read and write it.

Furthermore, note that, at some point, we will be using pcap-NG format:

	http://www.winpcap.org/ntar/draft/PCAP-DumpFileFormat.html

and:

if a program uses libpcap, rebuilding it with a new version of libpcap (or installing a new libpcap shared library, if your program is built with a shared libpcap) will enable it to read pcap-NG files (if they don't use features of pcap-NG, such as the ability to have packets of different link-layer types in the same capture, that can't be handled by the current API);

if a program has its own code to read libpcap files, it won't be able to read pcap-NG files without being changed to do so.

Follow-Ups:
- [Ethereal-users] Ethereal 0.10.12 Build Error OS X 10.4.2
  - From: Claude V. Lucas

References:
- [Ethereal-users] Re: Re: Re: again: Follow TCP Stream decoder plugins
  - From: Fulcrum
- Re: [Ethereal-users] Re: Re: Re: again: Follow TCP Stream decoder plugins
  - From: Guy Harris
- [Ethereal-users] capture file documentation
  - From: ESQuicksall_Misc
- Re: [Ethereal-users] capture file documentation
  - From: Jeff Morriss

Prev by Date: [Ethereal-users] Possible Anomaly in tethereal -z stats system
Next by Date: Re: [Ethereal-users] Fw: [TCP retransmission] is missing in .11
Previous by thread: Re: [Ethereal-users] capture file documentation
Next by thread: [Ethereal-users] Ethereal 0.10.12 Build Error OS X 10.4.2
Index(es):
- Date
- Thread