On Dec 5, 2016, at 1:18 PM, Martin Dubuc wrote:
> I am working on an application that requires storing packets in PCAPNG
> format. My understanding is that there isn't support for saving packets in
> PCAPNG format in the current code base. I have noticed that Apple has
> created an API in its cu
I am working on an application that requires storing packets in PCAPNG
format. My understanding is that there isn't support for saving packets in
PCAPNG format in the current code base. I have noticed that Apple has
created an API in its custom version of libpcap (latest version can be
viewed at h
On Jul 20, 2014, at 6:12 AM, Michael Richardson wrote:
>
>> In addition we've added some non-standard packet metadata that tell us
>> why process is responsible for what traffic.
>
>> The stuff we added is not necessarily portable and I am open to requests
>> to make the code so available on othe
>Are there specific things in a new API that would make wireshark happier?
>feel free to start a new thread ;-)
Having a packet header that could be written to file directly might be a good
idea
/* pcap-ng Enhanced Packet Block without actual packet, options, and trailing
* Block Total Length
On Thu, Jul 03, 2014 at 11:52:03AM -0400, Michael Richardson wrote:
>
> Guy Harris wrote:
> > The current libpcap support uses the existing APIs, which can't expose
> > the full capabilities of pcap-ng; it requires all interfaces in the
> > pcap-ng file to have the same link-layer hea
Guy Harris wrote:
> The current libpcap support uses the existing APIs, which can't expose
> the full capabilities of pcap-ng; it requires all interfaces in the
> pcap-ng file to have the same link-layer header type and snapshot
> length, and all sections of the pcap-ng file to ha
On Jul 2, 2014, at 2:47 PM, Michael Richardson wrote:
> There has been discussion at the IETF about standardizing PCAPNG,
> and I was just wondering where we were in actually using it ourselves!
> It's better than I had feared, but worse than I'd hoped.
>
> As far as I can tell, we have support
I am preparing the tcpdump 4.6.0 release.
There are a bunch of test cases that fail on my desktop. Travis shows no
failures, and I'm investigating.
There has been discussion at the IETF about standardizing PCAPNG,
and I was just wondering where we were in actually using it ourselves!
It's better