tcpdump mailing list archives

Previous By Date Next
Previous By Thread Next

Re: pcap file format documentation

From: Stephen Donnelly <stephen () endace com>
Date: Mon, 20 Mar 2006 16:11:34 +1200
It may be worth noting (AFAIK) the libpcap file format is intended to be
opaque, with access for read/writing provided only by libpcap itself.

This allows the implementation of the file format to be changed by the
libpcap maintainers, while remaining transparent to the user.

If you write your own code to read/write the current libpcap file format
it may not deal with older files or with potential new changes (aka
pcap-ng, pcap 1.0, NTAR etc)

Stephen.

On Sun, 2006-03-19 at 17:59 -0800, Don Morrison wrote:

Hello,

Is there documentation describing the pcap file formats (other than
the libpcap source)?

Thanks,
Don
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.

-- 
-----------------------------------------------------------------------
    Stephen Donnelly BCMS PhD           email: sfd () endace com
    Endace Technology Ltd               phone: +64 7 839 0540
    Hamilton, New Zealand               cell:  +64 21 1104378
-----------------------------------------------------------------------

-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
Previous By Date Next
Previous By Thread Next

Current thread: