Michael Richardson <[email protected]> wrote:
> Joe Clarke (jclarke) <[email protected]> wrote:
>> I agree that pcap is ready to go.
>> I'll double check just to be sure.
>> [JMC] Give me the all clear, and I’ll run the WG LC in parallel.
> I have double checked.
> I think that the introduction needs some text explaining that this document
> is Historical. That paragraph would also have an informative reference to
> pcap"ng".
> Is there a recommended template for that?
What I have so far:
https://github.com/IETF-OPSAWG-WG/draft-ietf-opsawg-pcap/pull/162
This document describes the historical format used by tcpdump, and other
programs using libpcap, to read and write network traces.
This document describes version 2 of the pcap format.
This document is published as historical, as there has existed for some time,
an updated format originally called "pcapng", that replaces this file format.
See {{?I-D.ietf-opsawg-pcapng}}
No new extensions for this format are expected, although new LINKLAYER types
that are registered using {{!I-D.ietf.opsawg-pcaplinktype}} can be included in
pcap files.
A major limitation of the pcap v2 format described here is that files consist
of a header which is different than the other blocks in the file.
This prevents pcap v2 files from being simply concatenated for processing.
It is also difficult to break pcap v2 files apart, as a new header always needs
to be placed at the beginning of any new file. The pcapng format does not
suffer from these problems.
More significantly, pcap v2 files can only contain packets in a single LINKTYPE
format, and this often means that packets are often from a single network
interface as not all LINKTYPEs include a way to indicate which interface a
packet is from.
--
Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
_______________________________________________ OPSAWG mailing list -- [email protected] To unsubscribe send an email to [email protected]
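Added example, not part of the original message or of the draft: a small Python sketch of the concatenation and single-LINKTYPE limitations described in the proposed text. It assumes the classic little-endian, microsecond-resolution pcap layout (24-byte file header, 16-byte per-packet header); the function names and sample payloads are constructed for illustration.

```python
import struct

MAGIC = 0xA1B2C3D4                      # little-endian, microsecond timestamps
GLOBAL_HDR = struct.Struct("<IHHiIII")  # 24-byte file header, appears once
RECORD_HDR = struct.Struct("<IIII")     # 16-byte header before every packet

def build_pcap(linktype, packets):
    """Serialize (ts_sec, payload) pairs as a pcap v2.4 file."""
    out = GLOBAL_HDR.pack(MAGIC, 2, 4, 0, 0, 65535, linktype)
    for ts, data in packets:
        out += RECORD_HDR.pack(ts, 0, len(data), len(data)) + data
    return out

def parse_pcap(blob):
    """Return (linktype, [payload, ...]); raise ValueError on malformed input."""
    if len(blob) < GLOBAL_HDR.size:
        raise ValueError("truncated file header")
    magic, *_rest, linktype = GLOBAL_HDR.unpack_from(blob, 0)
    if magic != MAGIC:
        raise ValueError("not a little-endian pcap file")
    off, payloads = GLOBAL_HDR.size, []
    while off < len(blob):
        if len(blob) - off < RECORD_HDR.size:
            raise ValueError(f"truncated record header at offset {off}")
        _sec, _usec, caplen, _origlen = RECORD_HDR.unpack_from(blob, off)
        if caplen > len(blob) - off - RECORD_HDR.size:
            raise ValueError(f"record at offset {off} claims {caplen} bytes")
        start = off + RECORD_HDR.size
        payloads.append(blob[start:start + caplen])
        off = start + caplen
    return linktype, payloads

def merge_pcaps(first, second):
    """Join two captures: keep one file header, refuse mixed LINKTYPEs."""
    (lt1, _), (lt2, _) = parse_pcap(first), parse_pcap(second)
    if lt1 != lt2:
        raise ValueError(f"LINKTYPE mismatch: {lt1} vs {lt2}")
    return first + second[GLOBAL_HDR.size:]  # drop the second file header

# Constructed sample captures (payloads are placeholders, not real frames).
A = build_pcap(1, [(1000, b"frame-a1"), (1001, b"frame-a2")])
B = build_pcap(1, [(2000, b"frame-b1")])

if __name__ == "__main__":
    print(parse_pcap(merge_pcaps(A, B)))
    try:
        parse_pcap(A + B)  # second file header is misread as packet records
    except ValueError as err:
        print("naive concatenation rejected:", err)
```

With plain `A + B`, the second file's 24-byte header is interpreted as record headers, so a strict reader fails a few bytes later instead of seeing the third packet.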
