tcpdump mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Proposed new pcap format

From: Darren Reed <darrenr () reed wattle id au>
Date: Mon, 12 Apr 2004 19:16:00 +1000 (EST)
In some email I received from Loris Degioanni, sie wrote:
[ Charset ISO-8859-1 unsupported, converting... ]

Ok, I'm going to add a 8-byte hash option for the packet block. Can anybody
suggest the hashing algorithm?


You obviously sent this before reading another email I sent on this.

Today, some people might want MD-5, others SHA-1 and in the future,
there may be other hashing algorithms that are better to use.  And
there are times when we might want it off (algorithm 0, for example.)

As such, I believe this option should be a (type,value) pair, if we
can agree that the hash value in the option header is a hash over the
entire record returned by the kernel (with the value of the hash set
to 0.)  And yes, the kernel computes the hash.

Darren


In some email I received from Ronnie Sahlberg, sie wrote:

Oh, I forgot.

Another useful thing to have is an option for the packet block where one
would store
a reasonably collission-safe 8-byte hash of the packet data.

This would make it much easier to compare two different capture files to

see

where packets are missing etc.


I'll agree that this, as part of the per-packet header, would be a useful
addition to the pcap format.  No need for chained hashing, just

per-record.


Darren
-


-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.

.


-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
Previous By Date Next
Previous By Thread Next

Current thread: