Re: New magic number

["Francisco Mesquita" <francisco.mesquita () radiomovel pt>]

Hello there,


Merely assigning a new magic number doesn't mean it'll be recognized by 
libpcap - we'd have to modify libpcap to handle that, which means that 
current versions of libpcap won't recognize it.

I understand that, I will send you the necessary changes to the file
savefile.c as soon as I have the magic number (at least to have reading
compatibility).


Note also that we are developing a new capture file format that will 
support at least some of the information you're adding, although it 
will not put all of it in the beginning of the packet (the drop counts 
will probably be at the *end* of the file - we want to allow files to 
be written purely sequentially, so that, for example, they can be 
written to a pipe.

It sounds great, and I agree that the stats should be at the end of the
file, the only reason I was putting them at the beginning was to make it
compatible with the current format.
When do you expect the new format will be available? If I can help, let
me know.


I will explain to you the reasons I need the fields I have put in the
header:
The purpose of the game is to have traffic statistics calculated from
the packet dumps so,
1. The stats are needed to check the validity of the statistics; if 50%
of the packets are dropped, the calculated traffic is bound to be wrong.
Since you are going to extend the format of the dump file, I guess that
you will put there all the stats available, more stats than the ones I
need.
2. The IP and netmask are used to find the network scope.
3. The start and end time to calculate averages. This is actually a
little tricky because I am rotating the files at fixed time intervals,
for example, at 0:00, 0:05, 0:10..., all the files having exactly 5
minutes of data.

I have done all the code, if you are kind enough to accommodate my needs
in libpcap (if you think they make sense to other users), I will
contribute to the development. I have been a professional C code
developer so I think it is safe for you :).

I appreciate all the comments you have on this.

Best regards,
Francisco Mesquita



***********************************************************************
AVISO DE CONFIDENCIALIDADE

Este e-mail e quaisquer ficheiros informáticos com ele transmitidos são confidenciais e destinados ao conhecimento e 
uso exclusivo do respectivo destinatário, não podendo o conteúdo dos mesmos ser alterado. Caso tenha recebido este 
e-mail indevidamente, queira informar de imediato o remetente e proceder à destruição da mensagem. O correio 
electrónico não garante a confidencialidade dos conteúdos das mensagens, nem a recepção adequada dos mesmos. Caso o 
destinatário deste e-mail tenha qualquer objecção à utilização deste meio deverá contactar de imediato o remetente.

 CONFIDENTIALITY WARNING

This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or 
entity to whom they are addressed. Their contents may not be altered. If you have received this e-mail in error please 
notify the sender and destroy it immediately. Please note that Internet e-mail neither guarantees the confidentiality 
of the messages sent using this method of communication nor the proper receipt of the said messages. If the addressee 
of this message objects to the use of Internet e-mail, please communicate it to the sender.

***********************************************************************
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.