Wireshark mailing list archives
FW: New block types to save the result of analysing a capture(Port map)
From: Anders Broman <anders.broman () ericsson com>
Date: Mon, 4 Jun 2012 09:47:42 +0200
hi, I tried to send this to the pcap-ng mailing list but it looks like it failed. Regards Anders ________________________________ From: Anders Broman Sent: den 4 juni 2012 09:06 To: 'pcap-ng-format () winpcap org' Subject: FW: New block types to save the result of analysing a capture(Port map) Hi, It could be useful to have pcap-ng blocks to save information across analysis sessions such as which protocol is to be dissected for UDP/TCP/SCTP/.../ packets to/from a port combination especially if the packets forming the basis for determining that is no longer in the trace e.i filtered out. There might also be a need for vendor specified blocks to save information in a form specific to a analysis tool such as Wireshark. How about specifying a block similar to the address resolution block listing containing: Carrier protocol (UDP) IP A Port A IP B PORT B Destination protocol RTP One problem is the protocol names, is a registry needed? String or number representation? etc.. Comments? Regards Anders
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- FW: New block types to save the result of analysing a capture(Port map) Anders Broman (Jun 04)