Wireshark mailing list archives
Re: wireshark 1.6+: pcapng NBR blocks
From: Jose Pedro Oliveira <jpo () di uminho pt>
Date: Wed, 07 Dec 2011 16:46:56 +0000
On 2011-12-07 06:34, Anders Broman wrote:
> Jose Pedro Oliveira wrote 2011-12-06 18:24:
>> Hi,
>>
>> According to the Wireshark 1.6 release notes [1], tshark is able to read and write host name information from and to pcapng, but I can't figure out how to make tshark create NBR blocks during, or at the end, of a capture.
>>
>> A pcapng file created with tshark 1.7.1svn only seems to have SHB, IDB, EPB and ISB blocks.
>>
>> Could someone give me a hint?
>
> For what it's worth, these are the code changes that added the functionality:
> http://anonsvn.wireshark.org/viewvc/trunk/tshark.c?r1=36077&r2=36318

Anders,

Thanks for the source code pointer.

Right now I'm still unable to have the NBR block(s) written to file even when I use the "-W n" or "-H /etc/hosts" tshark command line options (BTW: these options are only documented in the man page, i.e., they aren't listed by the -h option). At least the very simple test program - ntartest [1] - doesn't list it.

This also brings me to ask another question: what tools are people using to dump/debug pcapng files (blocks, options, ...)?

1) the ntartest program is too simple.
2) the ntar library [2] appears to be more promising but is currently missing several plugins (at least for EPB, ISB, NBR blocks). It also appears to have frozen in time (no public source code repository available).

Regards,
jpo

[1] - Listed in the Wiki page http://wiki.wireshark.org/Development/PcapNg
[2] - http://www.winpcap.org/ntar/

--
José Pedro Oliveira
* mailto:jpo () di uminho pt *
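
One way to approach the block-dumping question in the message above, added here as an example and not code from the thread, Wireshark or ntar: it walks the blocks of a pcapng byte string and decodes the IPv4 records of Name Resolution Blocks (block type 4 in the pcapng specification, the block the thread calls NBR). The function names and the sample capture are constructed for illustration.

```python
import socket
import struct

BLOCK_NAMES = {0x0A0D0D0A: "SHB", 1: "IDB", 3: "SPB", 4: "NRB", 5: "ISB", 6: "EPB"}
MAGIC = {b"\x4d\x3c\x2b\x1a": "<", b"\x1a\x2b\x3c\x4d": ">"}  # byte-order magic as stored

def walk_blocks(data):
    """Yield (name, endian, body) for every block in a pcapng byte string."""
    endian, off = None, 0
    while off < len(data):
        head = data[off:off + 12]
        if head[:4] == b"\x0a\x0d\x0d\x0a":  # SHB: the magic at +8 sets the endianness
            endian = MAGIC.get(head[8:12])
        if endian is None or len(head) < 12:
            raise ValueError("no valid SHB or truncated header at offset %d" % off)
        btype, length = struct.unpack_from(endian + "II", head)
        if length < 12 or length % 4 or head[4:8] != data[off + length - 4:off + length]:
            raise ValueError("length copies disagree or block truncated at offset %d" % off)
        yield BLOCK_NAMES.get(btype, "0x%08X" % btype), endian, data[off + 8:off + length - 4]
        off += length

def nrb_ipv4_names(body, endian):
    """Decode nrb_record_ipv4 (type 1) records from a Name Resolution Block body."""
    out, off = [], 0
    while off + 4 <= len(body):
        rtype, rlen = struct.unpack_from(endian + "HH", body, off)
        if rtype == 0:  # nrb_record_end; block options may follow
            break
        value = body[off + 4:off + 4 + rlen]
        if rtype == 1 and len(value) >= 6:  # 4 address bytes + NUL-terminated names
            names = [n.decode("utf-8", "replace") for n in value[4:].split(b"\0") if n]
            out.append((socket.inet_ntoa(value[:4]), names))
        off += 4 + (rlen + 3) // 4 * 4  # records are padded to 32 bits
    return out

def _block(btype, body):  # builds one little-endian block for the sample below
    return struct.pack("<II", btype, len(body) + 12) + body + struct.pack("<I", len(body) + 12)

# Constructed sample: SHB, IDB (Ethernet), one NRB mapping 192.0.2.1 to host.example
SAMPLE = (_block(0x0A0D0D0A, struct.pack("<IHHq", 0x1A2B3C4D, 1, 0, -1))
          + _block(1, struct.pack("<HHI", 1, 0, 65535))
          + _block(4, struct.pack("<HH", 1, 17) + bytes([192, 0, 2, 1])
                   + b"host.example\0" + b"\0" * 3 + struct.pack("<HH", 0, 0)))

def summarize(data):
    """Return (block names in file order, IPv4 name records from all NRBs)."""
    blocks = list(walk_blocks(data))
    names = [r for n, e, b in blocks if n == "NRB" for r in nrb_ipv4_names(b, e)]
    return [n for n, _, _ in blocks], names
```

Calling `summarize(open(path, "rb").read())` on a capture shows at a glance whether any NRB was written and which names it carries.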