tcpdump mailing list archives
Re: pcap file format documentation
From: Stephen Donnelly <stephen () endace com>
Date: Mon, 20 Mar 2006 17:12:27 +1200
Hi Don, That sounds quite likely. This may well be a case where you need to edit the file directly, and it seems unlikely that the compatibility issues I mentioned would be a problem. Alternatively have you looked to see if NetDude will do what you want? Stephen. On Sun, 2006-03-19 at 20:43 -0800, Don Morrison wrote:
Hi Stephen, Here's the problem. I'm dealing with corrupted pcap files, where the last packet was partially written, but it's not of interest and all I want to do is truncate the last packet. My assumption is that libpcap's API will not allow me to deal with this since programs that are dependent on it (tcpdump, ethereal) hang when attempting to open any such file. Is this assumption incorrect? Thanks, Don On 3/19/06, Stephen Donnelly <stephen () endace com> wrote:It may be worth noting (AFAIK) the libpcap file format is intended to be opaque, with access for read/writing provided only by libpcap itself. This allows the implementation of the file format to be changed by the libpcap maintainers, while remaining transparent to the user. If you write your own code to read/write the current libpcap file format it may not deal with older files or with potential new changes (aka pcap-ng, pcap 1.0, NTAR etc) Stephen. On Sun, 2006-03-19 at 17:59 -0800, Don Morrison wrote:Hello, Is there documentation describing the pcap file formats (other than the libpcap source)? Thanks, Don - This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.-- ----------------------------------------------------------------------- Stephen Donnelly BCMS PhD email: sfd () endace com Endace Technology Ltd phone: +64 7 839 0540 Hamilton, New Zealand cell: +64 21 1104378 ----------------------------------------------------------------------- - This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.- This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
-- ----------------------------------------------------------------------- Stephen Donnelly BCMS PhD email: sfd () endace com Endace Technology Ltd phone: +64 7 839 0540 Hamilton, New Zealand cell: +64 21 1104378 ----------------------------------------------------------------------- - This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
Current thread:
- pcap file format documentation Don Morrison (Mar 19)
- Re: pcap file format documentation Stephen Donnelly (Mar 19)
- Re: pcap file format documentation Don Morrison (Mar 19)
- Re: pcap file format documentation Stephen Donnelly (Mar 19)
- Re: pcap file format documentation Jefferson Ogata (Mar 19)
- Re: pcap file format documentation Don Morrison (Mar 19)
- Re: pcap file format documentation Jefferson Ogata (Mar 20)
- Re: pcap file format documentation Don Morrison (Mar 20)
- Re: pcap file format documentation Jefferson Ogata (Mar 23)
- Re: pcap file format documentation Don Morrison (Mar 23)
- Re: pcap file format documentation Don Morrison (Mar 19)
- Re: pcap file format documentation Don Morrison (Mar 24)
- Re: pcap file format documentation Guy Harris (Mar 24)
- Re: pcap file format documentation Jefferson Ogata (Mar 24)
- Re: pcap file format documentation Don Morrison (Mar 24)
- Re: pcap file format documentation Stephen Donnelly (Mar 19)