I am preparing the tcpdump 4.6.0 release. There are a bunch of test cases that fail on my desktop. Travis shows no failures, and I'm investigating.
There has been discussion at the IETF about standardizing PCAPNG, and I was just wondering where we were in actually using it ourselves! It's better than I had feared, but worse than I'd hoped. As far as I can tell, we have support in libpcap for reading from pcapng save files, but we do not have in libpcap support for writing in that format, nor do we have a way to tell tcpdump to output to a specific kind of savefile. (Please correct me if I'm wrong) PCAPNG is magic 0x1A2BC3D4. PCAP is magic 0xa1b23c4d. I would have liked if PCAPNG had used the same magic, and actually just bumped the PCAP_VERSION_MAJOR... Did anyone tell the /bin/file people about the PCAPNG magic number? Anyway, I'm thinking that there should be another tcpdump 4.x release that writes to pcap format by default, but has an option to force output format to pcapng, and then a 5.x release that defaults to writing pcapng. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works | network architect [ ] m...@sandelman.ca http://www.sandelman.ca/ | ruby on rails [ _______________________________________________ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
