Gerald Combs schrieb: > Pekka Pietikainen wrote: > >> Oh. If you add a new DLT_ value, having it in a way that is extensible >> + has a way of saying "Here's the raw packet data. It's plain old >> DLT_EN10MB". And the next one might be 802.11 and the next one 802.11 with >> a radiotap header. >> Ugliest hack I've seen for a quite a while ;-) > The Per-Packet Information header (PPI) does exactly that: > http://www.cacetech.com/documents/ Hmmm, after I took a deep look at the pcapng format I guess this would be the way to go for me. As it contains all stuff that I need (and some optional stuff that I don't need to implement as a first step) ;-)
There are things that PPI is missing, e.g. meta information if captured from more than one capture interface (which is one of the things I need first). I see that bringing pcapng to life in Wireshark will be some effort to do. However, I tend to do things right so I can build on that cleanly. So what's the state of pcapng? The spec seems ok, at least for the parts I'm interested in. Is there a "real world" implementation (except for the ntar library, which is low level "only")? Are there some example capture files somewhere? Regards, ULFL _______________________________________________ Wireshark-dev mailing list [email protected] http://www.wireshark.org/mailman/listinfo/wireshark-dev
