Two questions: tcpdump-capable with ns resolution is not PCAPng, or? Is the structure of netsniff-ng's pcap format documented? What is stored in Hardware/Pkt type and Protocol?
Greetings > -----Ursprüngliche Nachricht----- > Von: [email protected] [mailto:netsniff- > [email protected]] Im Auftrag von Daniel Borkmann > Gesendet: Montag, 28. Januar 2013 11:16 > An: [email protected] > Betreff: [netsniff-ng] Re: support for different pcap types added > > On Mon, Jan 28, 2013 at 11:04 AM, Daniel Borkmann > <[email protected]> wrote: > > I've just added this into the repository. Features and supported types > > can be seen with: > > > > netsniff-ng -D > > > > Types can be selected with their magic number, e.g.: > > > > netsniff-ng --in eth0 --out dump.pcap --silent -T 0xa1b2c3d4 > > --bind-cpu 0 > > It's obvious, but just for the record: the -T argument is only needed for > writing pcaps (if one wants to select a different format than the default), for > reading the type is automatically detected. > > > Four types are currently supported: > > > > - tcpdump-capable (default) > > - tcpdump-capable with ns resolution > > - Alexey Kuznetsov' pcap format > > - netsniff-ng's pcap format > > > > How they differ, as mentioned, can be seen with netsniff-ng -D. It was > > quite an invasive change, so do not yet use it right away in your > > production environment until it digested for a week or so in the > > repository. ;-) > > -- > You received this message because you are subscribed to the Google Groups > "netsniff-ng" group. > To unsubscribe from this group, send email to netsniff- > [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group, send email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
