Wireshark mailing list archives
Re: “bytes on wire” vs. “bytes captured”
From: Guy Harris <guy () alum mit edu>
Date: Mon, 22 Jul 2019 11:26:05 -0700
On Jul 22, 2019, at 8:27 AM, Holger Pfrommer <HPfrommer () hilscher com> wrote:

> thanks for your clarification. So I assume pcapng would be a good future-proof choice.

...as would adding a new link-layer header type, which would be supported in both pcap and pcapng.

> Which leads to the next question. When I put a vendor-specific options block to an EPB, how would I be able to dissect this in my dissector?

That would require changes to the pcapng file-reading code and to the dissection code. The problem is that the routines that read records from a capture file don't have a mechanism to provide a complete list of options to the code calling those routines (not even for *standard* options); this needs to be fixed, but hasn't been fixed yet. A new link-layer header type would be easier to support with the current code base.
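An added example, not part of the message above and not Wireshark code: a stand-alone reader that walks a pcapng file and returns, for each Enhanced Packet Block, the captured length, the original ("on wire") length and the complete option list, with custom (vendor-specific) options split into Private Enterprise Number and payload. It assumes a little-endian section; the sample file is constructed inline and uses 32473, the enterprise number IANA reserves for documentation.

```python
import struct

SHB, EPB = 0x0A0D0D0A, 6
CUSTOM = {2988, 2989, 19372, 19373}  # custom option codes in the pcapng spec

def parse_epbs(data):
    """Return [(captured_len, original_len, [(code, value), ...])], one per EPB."""
    out, off = [], 0
    while off + 12 <= len(data):
        btype, total = struct.unpack_from("<II", data, off)
        if btype == SHB and data[off + 8:off + 12] != b"\x4d\x3c\x2b\x1a":
            raise ValueError("assumption: only little-endian sections handled")
        if total < 12 or total % 4 or off + total > len(data):
            raise ValueError(f"bad block length at offset {off}")
        body = data[off + 8:off + total - 4]
        if btype == EPB:
            if len(body) < 20:
                raise ValueError("truncated EPB")
            caplen, origlen = struct.unpack_from("<II", body, 12)
            pos = 20 + caplen + (-caplen % 4)      # packet data is padded to 32 bits
            if pos > len(body):
                raise ValueError("captured length runs past the block")
            opts = []
            while pos + 4 <= len(body):
                code, olen = struct.unpack_from("<HH", body, pos)
                if code == 0:                      # opt_endofopt
                    break
                if pos + 4 + olen > len(body):
                    raise ValueError("option runs past the block")
                opts.append((code, body[pos + 4:pos + 4 + olen]))
                pos += 4 + olen + (-olen % 4)      # option values are padded too
            out.append((caplen, origlen, opts))
        off += total
    return out

def vendor_options(opts):                          # -> [(code, PEN, payload)]
    return [(c, int.from_bytes(v[:4], "little"), v[4:])
            for c, v in opts if c in CUSTOM and len(v) >= 4]

# Constructed sample: SHB, IDB, one EPB holding 6 captured bytes of a 1514-byte frame.
def _block(btype, body):
    return struct.pack("<II", btype, 12 + len(body)) + body + struct.pack("<I", 12 + len(body))
def _opt(code, value):
    return struct.pack("<HH", code, len(value)) + value + b"\0" * (-len(value) % 4)

SAMPLE = (_block(SHB, struct.pack("<IHHq", 0x1A2B3C4D, 1, 0, -1))
          + _block(1, struct.pack("<HHI", 1, 0, 64))
          + _block(EPB, struct.pack("<5I", 0, 0, 0, 6, 1514) + b"\xaa" * 6 + b"\0\0"
                   + _opt(1, b"sliced")
                   + _opt(2989, struct.pack("<I", 32473) + b"\x01\x02\x03") + _opt(0, b"")))
```
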