tcpdump mailing list archives
Re: Is any work going on to improve the pcap format so we have have multuple link-types per capture?
From: Richard Sharpe <rsharpe () richardsharpe com>
Date: Mon, 9 Jun 2003 12:24:08 -0700 (PDT)
On Mon, 9 Jun 2003, Hannes Gredler wrote:
i'd rather propose a new DLT type that encapulates those frames;
Hmmm, if you are proposing a DLT type that says that the real DLT type is in the frame header, then I agree, as that will make the compatibility issues go away, I think. In that case, can I propose: /* Define a comment frame ... */ #define DLT_COMMENT 0xFFFE /* * Define a DLT type that says the real DLT type * is in each frame header */ #define DLT_PER_FRAME_TYPE 0xFFFF And then suggest that we come up with a frame header format that allows us to handle such capture files?
/hannes On Sun, Jun 08, 2003 at 12:29:31AM -0700, Richard Sharpe wrote: | Hi, | | For a number of reasons it would be useful to have a capture file format | that includes multiple link-type records. This does not seem to be allowed | by the current pcap format. | | Some of the reasons include: | | - Being able to include packets from many interfaces in the one capture | file | | - Being able to include information records in the capture file, | for pedagogic or other reasons. | | Is it possible to define a new pcap version that includes a linktype field | in the header of each packet? | | Regards | ----- | Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, | sharpe[at]ethereal.com, http://www.richardsharpe.com | | - | This is the TCPDUMP workers list. It is archived at | http://www.tcpdump.org/lists/workers/index.html | To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
-- Regards ----- Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com - This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
Current thread:
- Is any work going on to improve the pcap format so we have have multuple link-types per capture? Richard Sharpe (Jun 08)
- Re: Is any work going on to improve the pcap format so we have have multuple link-types per capture? Hannes Gredler (Jun 09)
- Re: Is any work going on to improve the pcap format so we have have multuple link-types per capture? Richard Sharpe (Jun 09)
- <Possible follow-ups>
- Re: Is any work going on to improve the pcap format so we have have multuple link-types per capture? Richard Sharpe (Jun 09)
- Re: Is any work going on to improve the pcap format so we have have multuple link-types per capture? Guy Harris (Jun 09)
- Re: Is any work going on to improve the pcap format so we have have multuple link-types per capture? Richard Sharpe (Jun 09)
- Re: Is any work going on to improve the pcap format so we have have multuple link-types per capture? Guy Harris (Jun 09)
- Re: Is any work going on to improve the pcap format so we have have multuple link-types per capture? Richard Sharpe (Jun 10)
- Re: Is any work going on to improve the pcap format so we have have multuple link-types per capture? Hannes Gredler (Jun 10)
- Re: Is any work going on to improve the pcap format so we have have multuple link-types per capture? Richard Sharpe (Jun 10)
- Re: Is any work going on to improve the pcap format so we have have multuple link-types per capture? Guy Harris (Jun 09)
- Re: Is any work going on to improve the pcap format so we have have multuple link-types per capture? Hannes Gredler (Jun 09)