Wireshark mailing list archives
What is the history and status of PCAP Next Generation?
From: Matthias <wireshark () matthias fastmail fm>
Date: Mon, 30 Sep 2013 10:57:07 +0200
Hi, I'm looking at the PCAP Next generation file format. I thought people here might know more about it. Questions first, explanation below. Q1: Is the version of the pcap-ng spec I found the latest one? https://www.winpcap.org/ntar/draft/PCAP-DumpFileFormat.html Q2: What is the status of pcap-ng? * "it works fine, everyone's using it, it just isn't an RFC" or * "it's an abandoned effort, plain pcap is good enough" or * "all development has moved to X, take a look at X" Here's what I've figured out by surfing a bit: 2004: People wrote an Internet Draft about a new PCAP format. I found it here: http://www.tcpdump.org/pcap/pcap.html 2007/2008: Wireshark got support for pcap-ng. I see mail from e.g. Ulf Lamping about implementing it: http://article.gmane.org/gmane.network.wireshark.devel/7235/match=pcapng 2007/2008/2009: Small changes were made to the now expired Internet draft by the original authors, plus Guy Harris and Ulf Lamping. As far as I can tell, some tools, e.g. 'tcpdump' never moved to pcap-ng. But other tools, e.g. wireshark and dumpcap, seem to use it by default. I'm guessing that the answer to my questions is Q1: Yes Q2: It works fine, everyone's using it, it just isn't an RFC. Matt. ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- What is the history and status of PCAP Next Generation? Matthias (Sep 30)
- Re: What is the history and status of PCAP Next Generation? Guy Harris (Sep 30)