Hi Benoit,

libpcap is a very basic format that can be used to store network packet contents together with a very limited set of meta information, mostly timestamps and length information.

More recent packet captures often require storing additional meta information, like the number of packets that could not be captured for performance reasons, lists of interfaces that the capture was performed on, name resolution tables that allow displaying FQDNs instead/together with IPs in network analysis solutions like Wireshark, comments and annotations of packets, etc. PCAPng does allow storing this kind of information and is designed to be extensible.

Cheers,
Jasper

Wednesday, July 16, 2014, 5:29:47 PM, you wrote:

> Hi Michael,
> You wrote:
> One of the most accepted packet interchange
> formats is the one defined by libpcap, which is rather old and is
> lacking in functionality for more modern applications particularly
> from the extensibility point of view.
> Can you please expand.
> Regards, Benoit
>> On 26 Jun 2014, at 19:29, Michael Tuexen <[email protected]>
>> wrote:
>>
>>> Dear all,
>>>
>>> I have submitted an ID describing the default packet format
>>> used by Wireshark for saving capture files:
>>> http://www.ietf.org/internet-drafts/draft-tuexen-opswg-pcapng-00.txt
>> Wrong name... Use
>> http://www.ietf.org/internet-drafts/draft-tuexen-opsawg-pcapng-00.txt
>>> Is there any interest in the WG to work on this and improve it?
>>>
>>> Any comments are welcome!
>>>
>>> Best regards
>>> Michael
>>>
>>> _______________________________________________
>>> OPSAWG mailing list
>>> [email protected]
>>> https://www.ietf.org/mailman/listinfo/opsawg
>>>
>> _______________________________________________
>> OPSAWG mailing list
>> [email protected]
>> https://www.ietf.org/mailman/listinfo/opsawg
>>
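The kinds of metadata listed in the reply above (interface lists, packet comments, dropped-packet counts) can be read straight out of a pcapng file's blocks. The following is an added example, not part of the original thread or of the draft: the block and option codes are the ones defined in the pcapng specification, `SAMPLE` is a constructed capture, and the walker assumes a little-endian section.

```python
import struct

SHB, IDB, ISB, EPB = 0x0A0D0D0A, 1, 5, 6       # block type codes
OPT_COMMENT, IF_NAME, ISB_IFDROP = 1, 2, 5     # option codes used below

def opts(*pairs):  # encode (code, value) options, 32-bit padded, then opt_endofopt
    return b"".join(struct.pack("<HH", c, len(v)) + v + b"\0" * (-len(v) % 4)
                    for c, v in pairs) + b"\0" * 4

def block(btype, body):
    total = 12 + len(body)  # type + leading length + body + trailing length
    return struct.pack("<II", btype, total) + body + struct.pack("<I", total)

def parse_opts(buf):
    found, off = {}, 0
    while off + 4 <= len(buf):
        code, length = struct.unpack_from("<HH", buf, off)
        if code == 0 or off + 4 + length > len(buf):
            break
        found[code] = buf[off + 4:off + 4 + length]
        off += 4 + length + (-length % 4)
    return found

def summarize(data):
    """Walk the blocks of a little-endian section and collect its metadata."""
    info, off = {"interfaces": [], "comments": [], "dropped": {}}, 0
    while off + 12 <= len(data):
        btype, total = struct.unpack_from("<II", data, off)
        if total < 12 or total % 4 or off + total > len(data):
            raise ValueError("bad block length at offset %d" % off)
        body = data[off + 8:off + total - 4]
        if btype == IDB:
            info["interfaces"].append(parse_opts(body[8:]).get(IF_NAME, b"").decode())
        elif btype == EPB and len(body) >= 20:
            caplen = struct.unpack_from("<I", body, 12)[0]
            o = parse_opts(body[20 + caplen + (-caplen % 4):])
            info["comments"] += [o[OPT_COMMENT].decode()] if OPT_COMMENT in o else []
        elif btype == ISB and len(body) >= 12:
            drop = parse_opts(body[12:]).get(ISB_IFDROP, b"")
            if len(drop) == 8:
                info["dropped"][struct.unpack_from("<I", body)[0]] = struct.unpack("<Q", drop)[0]
        off += total
    return info

SAMPLE = b"".join([  # constructed capture: section header, interface, packet, statistics
    block(SHB, struct.pack("<IHHq", 0x1A2B3C4D, 1, 0, -1)),
    block(IDB, struct.pack("<HHI", 1, 0, 65535) + opts((IF_NAME, b"eth0"))),
    block(EPB, struct.pack("<5I", 0, 0, 0, 8, 60) + b"\xaa" * 8 + opts((OPT_COMMENT, b"dup ACK?"))),
    block(ISB, struct.pack("<3I", 0, 0, 0) + opts((ISB_IFDROP, struct.pack("<Q", 7)))),
])
```

`summarize(SAMPLE)` returns the interface name, the packet comment and the per-interface drop counter, none of which the classic libpcap file format has a place for.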
