hi, I tried to send this to the pcap-ng mailing list but it looks like it failed. Regards Anders
________________________________ From: Anders Broman Sent: den 4 juni 2012 09:06 To: '[email protected]' Subject: FW: New block types to save the result of analysing a capture(Port map) Hi, It could be useful to have pcap-ng blocks to save information across analysis sessions such as which protocol is to be dissected for UDP/TCP/SCTP/.../ packets to/from a port combination especially if the packets forming the basis for determining that is no longer in the trace e.i filtered out. There might also be a need for vendor specified blocks to save information in a form specific to a analysis tool such as Wireshark. How about specifying a block similar to the address resolution block listing containing: Carrier protocol (UDP) IP A Port A IP B PORT B Destination protocol RTP One problem is the protocol names, is a registry needed? String or number representation? etc.. Comments? Regards Anders
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
