Wireshark mailing list archives
Re: Using wiretap library in a project
From: Daniel <neagarudan () gmail com>
Date: Fri, 04 Jan 2013 01:48:34 +0100
Thanks, that answered all my questions.

On 01/03/2013 09:00 PM, Guy Harris wrote:
> On Jan 3, 2013, at 8:25 AM, Neagaru Daniel <neagarudan () gmail com> wrote:
>
>> Yes, it would be a solution, since I didn't find anything related to pcap-ng in pcap(3) documentation,
>
> The latest version of the pcap_open_offline(3PCAP) man page says:
>
>     DESCRIPTION
>            pcap_open_offline() is called to open a ‘‘savefile’’ for reading.
>
>            fname specifies the name of the file to open. The file can have the
>            pcap file format as described in pcap-savefile(5), which is the file
>            format used by, among other programs, tcpdump(1) and tcpslice(1), or
>            can have the pcap-ng file format, although not all pcap-ng files can
>            be read. The name "-" in a synonym for stdin.
>
> It *should* say "as written by, among other programs...", as those programs can, if using a sufficiently recent version of libpcap, *read* pcap-ng files in which all the interfaces have the same link-layer header type and snapshot length (the current libpcap/WinPcap APIs don't let you get per-interface link-layer header types or snapshot lengths; they assume there's only one link-layer header type and snapshot length per file) and all the sections have the same byte order (for the same reason - yes, libpcap supports pcap-ng files with multiple Section Header Blocks).
>
> Note that no WinPcap version based on libpcap 1.1.0 or later has been released, so this only works on UN*X, not on Windows.
>
>> I thought pcap-ng is not supported yet.
>
> No - as Evan Huus noted, it's been supported since 1.1.0, although I'd still call it "limited" in the current version; some bugs are fixed in the current version, but it still only has the old API and thus can't handle captures with multiple link-layer header types, snapshot lengths, etc.
>
>> Where can I find the recent documentation regarding pcap-ng?
>
> Regarding pcap-ng or regarding libpcap support for it?
>
> For pcap-ng itself, see
>
>     http://www.winpcap.org/ntar/draft/PCAP-DumpFileFormat.html
>
> For libpcap support for it, see the man page on a system with a recent version of libpcap, or see
>
>     http://www.tcpdump.org/manpages/pcap_open_offline.3pcap.html
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Using wiretap library in a project Neagaru Daniel (Jan 03)
- Re: Using wiretap library in a project Evan Huus (Jan 03)
- Re: Using wiretap library in a project Neagaru Daniel (Jan 03)
- Re: Using wiretap library in a project Evan Huus (Jan 03)
- Re: Using wiretap library in a project Guy Harris (Jan 03)
- Re: Using wiretap library in a project Daniel (Jan 03)
- Re: Using wiretap library in a project Neagaru Daniel (Jan 03)
- Re: Using wiretap library in a project Evan Huus (Jan 03)
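
The constraint Guy Harris describes in this thread (one link-layer header type, one snapshot length and one byte order per file), as an added example that is not part of the original messages or of libpcap: a Python pre-check that walks a pcap-ng file's blocks and reports whether it fits that single-view model. Function names and the sample files are constructed for illustration; it models the rule as stated in the thread, not libpcap's actual code.

```python
import struct

SHB, IDB, BOM = 0x0A0D0D0A, 0x00000001, 0x1A2B3C4D  # block types, byte-order magic

def scan_pcapng(data):
    """Walk every block; return (set of byte orders, set of (linktype, snaplen))."""
    orders, ifaces, off, endian = set(), set(), 0, None
    while off < len(data):
        if off + 12 > len(data):
            raise ValueError("truncated block at offset %d" % off)
        if data[off:off + 4] == b"\x0a\x0d\x0d\x0a":
            # The SHB type reads the same in both byte orders; the magic at +8
            # gives the byte order used by the rest of this section.
            magic = data[off + 8:off + 12]
            endian = next((e for e in "<>" if struct.unpack(e + "I", magic)[0] == BOM), None)
            if endian is None:
                raise ValueError("bad byte-order magic at offset %d" % off)
            orders.add(endian)
        elif endian is None:
            raise ValueError("file does not start with a Section Header Block")
        btype, blen = struct.unpack(endian + "II", data[off:off + 8])
        if blen < 12 or blen % 4 or off + blen > len(data):
            raise ValueError("bad block length %d at offset %d" % (blen, off))
        if btype == IDB:
            if blen < 20:
                raise ValueError("short Interface Description Block at offset %d" % off)
            linktype, _reserved, snaplen = struct.unpack(endian + "HHI", data[off + 8:off + 16])
            ifaces.add((linktype, snaplen))
        off += blen
    return orders, ifaces

def single_view_readable(data):
    """True if one byte order and at most one (linktype, snaplen) pair occur."""
    orders, ifaces = scan_pcapng(data)
    return len(orders) == 1 and len(ifaces) <= 1

# --- constructed sample files (built here, not real captures) ---
def block(endian, btype, body):
    total = struct.pack(endian + "I", len(body) + 12)
    return struct.pack(endian + "I", btype) + total + body + total
def shb(endian):
    return block(endian, SHB, struct.pack(endian + "IHHq", BOM, 1, 0, -1))
def idb(endian, linktype, snaplen):
    return block(endian, IDB, struct.pack(endian + "HHI", linktype, 0, snaplen))

# linktype 1 = Ethernet, 113 = Linux cooked capture (SLL)
SAME = shb("<") + idb("<", 1, 65535) + idb("<", 1, 65535)
MIXED_LINK = shb("<") + idb("<", 1, 65535) + idb("<", 113, 65535)
MIXED_ORDER = shb("<") + idb("<", 1, 65535) + shb(">") + idb(">", 1, 65535)
```

`single_view_readable()` returns True for `SAME` and False for the two mixed files; malformed or truncated input raises `ValueError` rather than being guessed at.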