pcap-ng ...

Richard Sharpe

unread,

Jun 26, 2012, 12:20:02 AM6/26/12

to pcapr...@googlegroups.com

Hi folks,

We are starting to work on completing the pcap-ng standard. There are some useful features in pcap-ng already, and Wireshark and tshark support pcap-ng.

However, there is more to do, and feedback from groups who might be interested in welcome.

See here: http://www.winpcap.org/ntar/draft/PCAP-DumpFileFormat.html and https://www.winpcap.org/mailman/listinfo/pcap-ng-format

Guy Harris

unread,

Jun 26, 2012, 12:35:45 AM6/26/12

to pcapr...@googlegroups.com

On Jun 25, 2012, at 9:20 PM, Richard Sharpe wrote:

> We are starting to work on completing the pcap-ng standard. There are some useful features in pcap-ng already, and Wireshark and tshark support pcap-ng.

...and libpcap 1.1 and later, and thus applications using libpcap such as tcpdump, can read some pcap-ng files (files where all the interfaces have the same link-layer type and snapshot length), although it doesn't supply the application with any of the additional information that's in pcap-ng files (that would require new programming interfaces in libpcap).

Richard Sharpe

unread,

Jun 26, 2012, 1:18:34 AM6/26/12

to pcapr...@googlegroups.com

We missed you at Sharkfest, Guy.

There has been some discussion about trying to come out with a libpcap-ng that fixes some of those problems.

Can you tell me what the issues are with Linux's support of the any device? It would be useful to be able to get IDBs for each of the interfaces.

Reply all

Reply to author

Forward