tcpdump mailing list archives

Re: What is the main reason in absent append

From: Stephen Donnelly <stephen () endace com>
Date: Fri, 17 Feb 2006 09:06:01 +1300

On Thu, 2006-02-16 at 20:17 +0300, Mikhail Manuylov wrote:

Hi there,

All I wonder is why tcpdump still hasn't any binary dump append feature.


The biggest problem I imagine is that the resulting file would have only
one header block, so the configuration of the capture for the appended
records would have to be the same as for the original file.

I'm not sure how you could check for or enforce this?

The 'NTAR' file format intended for pcap-ng supports directly appending
capture files together, allowing new header blocks to redescribe the
interfaces and capture parameters.

Stephen.
-- 
-----------------------------------------------------------------------
    Stephen Donnelly BCMS PhD           email: sfd () endace com
    Endace Technology Ltd               phone: +64 7 839 0540
    Hamilton, New Zealand               cell:  +64 21 1104378
-----------------------------------------------------------------------

-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.

Current thread:

What is the main reason in absent append capabilities of tcpdump and libpcap? Mikhail Manuylov (Feb 16)
- Re: What is the main reason in absent append capabilities Guy Harris (Feb 16)
  - Re: What is the main reason in absent append capabilities Ed Maste (Feb 16)
    - Re: What is the main reason in absent append capabilities Mikhail Manuylov (Feb 17)
- Re: What is the main reason in absent append Stephen Donnelly (Feb 16)
  - Re: What is the main reason in absent append Guy Harris (Feb 16)
    - Re: What is the main reason in absent append Christian Kreibich (Feb 20)
    - Message not available
    - Re: What is the main reason in absent append Mikhail Manuylov (Feb 27)
    - Re: What is the main reason in absent append Mikhail Manuylov (Feb 27)