I am thinking about adding a SHA1 signature to each of the packets captured by TCPDUMP. I was poking around libpcap and I have some different ideas on how to do it. One way would be to create a new TCPDUMP magic number and then change the packet header to include the SHA1. Another way would be to create a new TCPDUMP magic number and put the SHA1 between the packet header and the data. Another way would be to create a new DLT_ type for each of the links I deal with and add the SHA1 somewhere within the data.
I would like to have Wireshark still be able to look at the data. If Wireshark uses libpcap then everything should be hidden. Otherwise, I am digging into the Wireshark code as well. Any ideas?

Thanks,
Bruce
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
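
The second layout described in the post (a new magic number, with the SHA-1 placed between each per-packet header and the packet data), as an added example that is not part of the original post or of libpcap. The magic value `0xA1B2C3D5`, the function names, and the choice to hash the record header together with the data are assumptions; `to_standard_pcap` strips the digests so an unmodified pcap reader can open the result.

```python
import hashlib
import struct

PCAP_MAGIC = 0xA1B2C3D4    # classic pcap magic, microsecond timestamps
HASHED_MAGIC = 0xA1B2C3D5  # hypothetical magic for the hashed variant (assumption)
GLOBAL_HDR = struct.Struct("<IHHiIII")  # magic, ver major/minor, thiszone, sigfigs, snaplen, linktype
REC_HDR = struct.Struct("<IIII")        # ts_sec, ts_usec, incl_len, orig_len
DIGEST_LEN = hashlib.sha1().digest_size  # 20 bytes


def write_hashed(packets, linktype=1, snaplen=65535):
    """packets: iterable of (ts_sec, ts_usec, data). Returns the capture as bytes."""
    out = [GLOBAL_HDR.pack(HASHED_MAGIC, 2, 4, 0, 0, snaplen, linktype)]
    for ts_sec, ts_usec, data in packets:
        hdr = REC_HDR.pack(ts_sec, ts_usec, len(data), len(data))
        # Assumption: the digest covers the record header and the packet bytes.
        out += [hdr, hashlib.sha1(hdr + data).digest(), data]
    return b"".join(out)


def read_hashed(blob):
    """Yield (ts_sec, ts_usec, orig_len, data, digest_ok) for each record."""
    magic = GLOBAL_HDR.unpack_from(blob, 0)[0]
    if magic != HASHED_MAGIC:
        raise ValueError("not a hashed capture (magic %#x)" % magic)
    pos = GLOBAL_HDR.size
    while pos < len(blob):
        hdr = blob[pos:pos + REC_HDR.size]
        if len(hdr) < REC_HDR.size:
            raise ValueError("truncated record header")
        ts_sec, ts_usec, incl_len, orig_len = REC_HDR.unpack(hdr)
        pos += REC_HDR.size
        digest = blob[pos:pos + DIGEST_LEN]
        data = blob[pos + DIGEST_LEN:pos + DIGEST_LEN + incl_len]
        if len(digest) < DIGEST_LEN or len(data) < incl_len:
            raise ValueError("truncated record")
        pos += DIGEST_LEN + incl_len
        ok = hashlib.sha1(hdr + data).digest() == digest
        yield ts_sec, ts_usec, orig_len, data, ok


def to_standard_pcap(blob):
    """Drop the digests and restore the classic magic so ordinary pcap readers accept the file."""
    fields = GLOBAL_HDR.unpack_from(blob, 0)
    out = [GLOBAL_HDR.pack(PCAP_MAGIC, *fields[1:])]
    for ts_sec, ts_usec, orig_len, data, _ok in read_hashed(blob):
        out += [REC_HDR.pack(ts_sec, ts_usec, len(data), orig_len), data]
    return b"".join(out)
```

An unkeyed SHA-1 only detects accidental or unsophisticated modification, because anyone who alters a packet can recompute the digest; detecting deliberate tampering needs a keyed construction such as HMAC.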
