(Gerald, you're on tcpdump-workers
On Oct 16, 2008, at 11:32 AM, Phil Vandry wrote:
On Thu, Oct 16, 2008 at 09:07:17AM -0700, Gerald Combs wrote:
Debian and Ubuntu have the following entry in /etc/mime.types:
application/cap cap pcap
It's a start but I don't agree with the choice of type. First they
ignored the specification which clearly says that only types
registered
with IANA or published as RFCs can be named without the "x-" prefix
(see RFC2045 section 5.1). Second and perhaps more importantly,
"cap" is a poor description...
I prefer "application/x-libpcap-capture" since it's more
descriptive. Would it
...as you already point out.
In addition, "cap" as a suffix doesn't uniquely identify libpcap files
- it doesn't uniquely identify *any* type of file; there are at least
two network analyzers for Windows, with different file formats, that
use .cap as the file suffix (Microsoft Network Monitor and Sniffer).
Since libpcap captures are a well-established and popular filetype I
would like to undertake the full IANA process for an officially
registered type but I hope it's not too daunting.
http://www.iana.org/assignments/media-types/index.html
ftp://ftp.rfc-editor.org/in-notes/rfc4288.txt
The latter says
A precise and openly available specification of the format of each
media type MUST exist for all types registered in the standards tree
and MUST at a minimum be referenced by, if it isn't actually included
in, the media type registration proposal itself.
I've considered biting the bullet and writing up a pcap(5) man page,
as part of libpcap. Libpcap 1.0 will probably come out later this
month, so perhaps it's time to write it.
Hopefully they won't expect the spec to include a description of the
link-layer header for each DLT_ value.
That's a good question. I'm not familiar with Pcap-NG so I will let
others answer but I suggest asking the question, "is a user likely
to need different treatment for Pcap-NG files or is the user likely
to consider Pcap-NG and plain Pcap to be substantially different
types?". If the answer is no, I recommend that they share the same
MIME type.
I think the answer would be "no". There's a media type application/
vnd.ms-excel, but Microsoft have, I think, changed Excel format over
time in very significant ways that render newer spreadsheets not at
all readable by older versions; the page for it:
http://www.iana.org/assignments/media-types/application/vnd.ms-excel
says
Comments This Media Type/OID is used to identify Microsoft Excel
generically (i.e., independent of version, subtype, or platform
Pcap-ng files are intended to be read by the same sorts of programs
that read pcap files. At some point, libpcap will
1) add the ability to read some pcap-ng files with the current API
and
2) get new APIs to read all pcap-ng files - which will also be able
to read pcap files
so applications using libpcap should be able to read both, and
Wireshark (which doesn't use libpcap to read capture files) will also
be able to read both.
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
